Conduent, a major player in the IT services industry, took a big hit from Maze ransomware. The May 29 attack targeted the company’s European operations, which were suspended for just over nine hours as they worked to identify the ransomware and restore their systems.
The vulnerability that led to the attack had been running for at least 8 weeks, says CBR. A report from CRN states that two zip files containing documents related to Conduent’s work in Germany were put out on a dark web site that publicizes Maze attacks, where breached data is publicly available for download. According to New Zealand-based Emsisoft security analyst Brett Callow, the files seem to be less sensitive data, aiming to incentivize Conduent to pay out before more sensitive data that remains is published.
Conduent provides its services to businesses, including the greater number of Fortune 100 companies, and over 500 governments. In 2019 their revenue was $4.4 billion. According to a statement by the company on GlobeNewswire, Conduent’s services also include “two-thirds of all insured patients in the U.S., 11 million employees who use its HR Services, and nearly nine million people who travel through toll systems daily.” Their customers include public universities and schools, electric utilities and cooperatives, and major financial and banking institutions. The scope of their customer base and numbers of potentially affected individuals is worrisome in the face of such a data breach.
First discovered at the end of May 2019, Maze has already racked up a number of attacks globally, including against medical research organizations, professional security services, and law firms. This comes alongside many other similar attacks instigated by other hackers.
Maze ransomware typically aims to encrypt as many files it can in an infected system, often easily spreading across a corporate network. They then demand a ransom to recover the files, and will publicly release details of the security breach, inform the media and stock exchanges, sell stolen information, and attack clients and partners with the information until the ransom is paid. Cognizant, another company that had been hit by Maze in mid-April, has estimated mitigation, investigation, and other cleanup costs at $50 to $70 million. It is unclear yet what these numbers may look like for Conduent.