
Business process outsourcing firm Conduent said its European operations were hit with ransomware last week, which two security companies said has led to the leak of internal company documents on to the web.
Ransomware busters Emsisoft, as well as the threat intelligence firm Bad Packets, said Conduent appears to have been struck by Maze ransomware. Maze is the same brand of ransomware that hit Cognizant in April during in a high profile attack that locked some employees out of the company’s email systems, just as Cognizant was moving employees to remote work.
In the Conduent attack, Maze hackers appear to have published two zip files which New Zealand-based Emsisoft security analyst Brett Callow said contain documents related to the company’s work in Germany. The files were released Wednesday on a site that publicizes Maze attacks.
“I see a file for Vodafone Deutschland,” he told CRN. “These groups typically start by posting the older and less sensitive data served if they were to post the Crown Jewels so to speak, the company would have less incentive to pay for the remaining data being published.”
Conduent released a statement today confirming the attack happened on May 29. The statement said it lasted about nine hours before its systems were back online.
“Conduent's European operations experienced a service interruption on Friday, May 29, 2020, the statement reads. “Our system identified ransomware, which was then addressed by our cybersecurity protocols. This interruption began at 12.45 AM CET on May 29th with systems mostly back in production again by 10.00 AM CET that morning, and all systems have since then been restored. This resulted in a partial interruption to the services that we provide to some clients. As our investigation continues, we have on-going internal and external security forensics and anti-virus teams reviewing and monitoring our European infrastructure.”
[RELATED: Cognizant Breach: 10 Things To Know About Maze Ransomware Attacks]
Conduent did not respond to a question about whether any documents were taken, or whether any data was stolen from its governmental customers. Conduent runs automated toll systems in several states, an operation that has come under fire from lawmakers.
Conduent was created after Xerox spun off its business process outsourcing business in 2016. It started trading in December 2016 at $14.60 a share. Its stock price reached a high of $23.27 in September 2018. Conduent shares closed at $2.66 yesterday.
Cybersecurity research firm Bad Packet posted a tweet yesterday that suggested one of Conduent’s Citrix servers was vulnerable to a specific threat for eight weeks between December 17 and Feb. 14. The company also tweeted screenshots that confirm what Callow stated were document’s related to Conduent’s business with Vodafone. The document appears to be an invoice and is titled “Rechnung,” which is the German word for “bill.” It is dated March 2018.
Conduent did not respond to a CRN email that asked the company about Bad Packet’s research.
Cognizant’s attack is expected to hit the company’s bottom line, as mitigation costs are likely to spiral to between $50 and $70 million, the company told investors during an earnings call in early May. The company also may spend money on legal costs, consultants and other costs related to its ongoing investigation into the attack.
“While we have restored the majority of our services and we are moving quickly to complete the investigation, it is likely that costs related to the ransomware attack will continue to negatively impact our financial results beyond Q2,” said Cognizant CFO Karen McLoughlin.
The attack on Cognizant came a year after massive solution provider Wipro was hit by cybercriminals who seeded ransomware through a number of its customers.
related stories
Video
trending stories
sponsored resources

CRN Showcase

APC by Schneider Electric
Digital Services for Edge Learning Center

Channel Chief Showcase

Comm100
Collaboration & Communications 360

Cradlepoint
5g for Business 360

Cato Networks
SASE & SD-WAN 360

Trend Micro
Trend Micro Learning Center

Veeam
Veeam

Acer
Remote Workforce 360

Partner Program Guide Showcase

NPD
Industry Trends 360

Comcast Business
Comcast Business Learning Center

Terranova Security
Cybersecurity 360

CyberPower
CyberPower

eSentire
Managed Detection and Response 360

EPOS
EPOS

Sherweb
Sherweb

Dell Technologies
Dell Technologies Cloud Learning Center

Dell Technologies
Microsoft HCI Solutions from Dell Technologies Learning Center

Dell Technologies
Dell Technologies Server Learning Center

Carbonite
Cloud Storage 360

VMware

HubStor
Cloud Backup 360

Wasabi
Wasabi

Cysurance
Cyber Insurance 360

Vertiv
Edge Computing Learning Center

Webroot
Webroot Learning Center

Tenable
Cyber Risk 360

Fujifilm
Fujifilm

Sophos
Sophos Cybersecurity Learning Center

Vonage
Vonage

BlackBerry
BlackBerry Learning Center

Cyber Protection 360

Application Integration 360

Hitachi Vantara
Hitachi Vantara

Smart 3rd Party
3rd Party Maintenance 360

SentinelONE
EndPoint Security 360

iboss
Cloud SASE Platform 360

Dell Technologies
Dell Technologies Storage Learning Center

Fortinet
Fortinet

Area 1 Security
Area 1 Security
