The Cognizant Breach: What You Should Know About Maze Ransomware Attacks

Ransomware: Maze ransomware attack have become quite common
Share the knowledge

Cognizant, an American company providing IT services based in Teaneck, New Jersey, is one of the latest victims of the infamous Maze ransomware. The IT services provider operating in more than 37 countries, with a turnover of $16bn, said the attack took place on Friday, April 17th. According to the company’s system integrator, the virulent ransomware locked their internal system and also attacked some of their clients.

The ransomware attack caused interruptions in parts of Cognizant’s business which resulted in the loss of revenue that has the potential of impacting the company’s financial results.

What exactly is a Maze ransomware attack?

The ransomware was first detected in 2019 by Jerome Segura, a top security analyst at Malwarebytes Labs. In spite of being around for about a year, the ransomware has continued to wreak havoc on organizations and businesses around the globe. This has resulted in impersonation attempts, data leaks, and lawsuits.

During the initial period, Maze was being distributed by the Fallout kit via a website disguised as a virtual currency app. It is a complex type of Windows ransomware that demands payment in the form of cryptocurrency in exchange for releasing your data.

Get New Internet Patrol Articles by Email!

(Unobtrusive plea for financial support by tipping us.)


Initially, Maze was known as ChaCha ransomware. Its main aim is to encrypt all the files it infects in a system and demand payment to decrypt those files.

Unlike other sorts of ransomware, Maze not only encrypts the infected data, but it also makes copies of the original data in the process. This is like a double-edged sword because if the victims do not pay the ransom to have their data decrypted, the people behind Maze may also choose to leak or sell the data. Of course, they can always do this anyway, which is why taking care to secure your data in the first place is so important.

Normally, ransomware targets companies involved in providing services to businesses and organizations, as they are easier to exert pressure on to pay ransoms in order to safeguard their clients’ data.

The threat to leak the encrypted data is often not just idle talk as most victims have found out. Those behind and using Maze do not think twice

According to McAfee, “Maze is ransomware created by skilled developers. It uses a lot of tricks to make analysis very complex by disabling disassemblers and using pseudocode plugins.”


The ransomware uses ChaCha20 and RSA encryption as part of the process and once they infect a system, they encrypt files and append different extensions to them.

In Cognizant’s case, it is likely that Maze hackers were not responsible for the initial breaking into the company’s network. Instead, someone else accessed the Cognizant network and later sold the information to Maze.

Regardless of how Maze ended up infecting Cognizant’s data and locking it up for ransom, it points to how very important it is to take data security seriously. Both businesses and individuals need to be aware of the threat of ransomware. For more information about protecting your data from ransomware, see our article How to Protect Yourself or Your Business from Ransomware in 2 Steps.

Note: The Internet Patrol is completely free, and reader-supported. If something that you find here helps you, please consider supporting us. We also earn a small amount from ads and Amazon links:
Click for amount options

Share the knowledge

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.