A ransomware attack disrupted IT services company Conduent’s work with its clients last week, another example of digital extortionists targeting key technology suppliers.
Conduent, which reported $4.5 billion in revenue last year and provides IT services in sectors such as health care and banking, had its European operations temporarily hampered, spokesman Sean Collins said. The incident occurred on May 29. Most systems were functioning nine hours later on that same day, and all have since been restored, he said.
It was unclear which Conduent clients were affected by the disruption. Collins did not respond to a question on which clients were affected.
The notorious set of hackers behind the Maze ransomware variant claimed responsibility. Like a lot of crooks involved in ransomware, the Russian-speaking Maze affiliates are not one group, but several distinct teams that specialize in writing code or breaching networks.
If confirmed, it would be at least the second multibillion-dollar IT services company that Maze has infected in the last two months. Cognizant, a Fortune 500 company with over a quarter of a million employees, announced a Maze incident in April.
Maze is but one of a series of ransomware affiliates that like to target IT services companies and then boast about having access to sensitive corporate data. The hackers use victim-shaming websites to pressure companies to pay a ransom, and then dump data if the demands aren’t met.
“Ransomware threat actors like IT and managed service providers [MSP] because they can provide the attacker with easy access to many targets, some of which are potentially lucrative,” said Allan Liska, a ransomware specialist at threat intelligence company Recorded Future.
Collins, the Conduent spokesman, said the company is still doing a post-mortem on the breach.
“As our investigation continues, we have ongoing internal and external security forensics and anti-virus teams reviewing and monitoring our European infrastructure,” he said.