[BreachExchange] Cognizant expects to lose between $50m and $70m following ransomware attack

Destry Winant destry at riskbasedsecurity.com
Mon May 11 10:22:12 EDT 2020


https://www.zdnet.com/article/cognizant-expects-to-lose-between-50m-and-70m-following-ransomware-attack/

IT services provider Cognizant said in an earnings call this week that
a ransomware incident that took place last month in April 2020 will
negatively impact its Q2 revenue.

"While we anticipate that the revenue impact related to this issue
will be largely resolved by the middle of the quarter, we do
anticipate the revenue and corresponding margin impact to be in the
range of $50 million to $70 million for the quarter," said Karen
McLoughlin, Cognizant Chief Financial Officer in an earnings call
yesterday.

McLoughlin also expects the incident to incur additional and
unforeseen legal, consulting, and other costs associated with the
investigation, service restoration, and remediation of the breach.

The Cognizant CFO says the company has now fully recovered from the
ransomware infection and restored the majority of its services.

INCIDENT ONLY IMPACTED INTERNAL NETWORK

Speaking on the ransomware attack, Cognizant CEO Brian Humphries said
the incident only impacted its internal network, but not customer
systems.


More precisely, Humphries said the ransomware incident impacted (1)
Cognizant's select system supporting employees' work from home setups
and (2) the provisioning of laptops that Cognizant was using to
support its work from home capabilities during the COVID-19 pandemic.

Humphries said staff moved quickly to take down all impacted systems,
which impacted Cognizant's billing system for a period of time. Some
customer services were taken down as a precaution.

How will a Data Breach impact your Brand reputation?

While an average of over 25,000 records can be lost in a data breach,
the costs to organizations are extending far beyond initial
exfiltration.
Register to explore the findings and learn proactive steps to help
mitigate potential data breach costs.

Cognizant held meetings with customers, however, the meetings did not
go smoothly as Cognizant avoided sharing any actual details of what
had happened.

ZDNet learned of the incident as it was going on, at the time, on
April 17, when several disgruntled customers had reached out to this
reporter about the company attempting to hide a major security breach
under the guise of "technical issues" and cutting off access to a
series of services.

Initially, customers feared that a hacker had either stole user data
from servers, or a ransomware incident had taken place, and the
ransomware spread to customer servers, encrypting their data and the
servers becoming inaccessible.

Customers were thrown in full paranoia mode after Cognizant sent an
internal alert to all customers, urging clients to block traffic for a
list of IP addresses.

Customers were quick to link the IP addresses to web servers operated
in the past by the Maze ransomware gang.

Cognizant, one of the largest providers of server hosting and IT
services in the US, eventually publicly admitted that its network was
infected with the Maze ransomware a day later on April 18.

COGNIZANT LOSSES IN THE SAME RANGE AS NORSK HYDRO

Cognizant losses from the incident are in the same range reported last
year by aluminum producer Norsk Hydro, which reported that a March
2019 ransomware incident would cause total revenue losses of more than
$40 million, a number it later adjusted to nearly $70 million during
the year.

Humphries said that Cognizant is now working to address the concerns
of customers who opted to suspend Cognizant services in the wake of
the ransomware attack, which also impacted Cognizant's current bottom
line.

Cognizant reported a Q1 2020 revenue of $4.2 billion, up 2.8% over Q1 2019.

The number of SEC filings listing ransomware as a major
forward-looking risk factor to companies' profits has skyrocketed in
recent years from 3 filings in 2014 to 1,139 in 2019, and already 743
in 2020. Companies are seeing today ransomware attacks as a real risk
for their bottom lines as ransomware incidents tend to cause
reputational damage to stock prices and financial losses due to lost
revenue as most victims take weeks and months to fully recover.


More information about the BreachExchange mailing list