Business process services provider Conduent has been the target of a ransomware attack that appears to be the work of the Maze operators.
Established in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company provides digital solutions for both business and government entities and employs more than 68,000 people in over 40 countries.
On Friday, May 29, the company discovered the cyber-attack and said only its European operations had been affected. The attackers installed ransomware on compromised networks, and while Conduent said it was able to restore everything quickly, there were still some services that were affected.
“The European operations of Conduent experienced a service interruption on Friday 29 May 2020. Our system identified ransomware, which was then addressed through our cybersecurity protocols. This interruption began on May 29 at 12.45 AM CET, with systems mostly back in production by 10.00 AM CET that morning, and all systems have since been restored,” a Conduent spokesman said.
“This led to a partial disruption of the services we offer to other clients. We have active internal and external security forensics and anti-virus teams testing and tracking our European infrastructure as our investigation continues,” the firm also said.
Maze Ransomware group claiming they hacked @Conduent, an American business process services company.
– The company has $4,500,000,000 annual profits and 68,000 employees.
– The group posted some financial proofs to confirm the breach. pic.twitter.com/hBa9BUMMNA
— Under the Breach (@underthebreach) June 4, 2020
Conduent did not provide information about the ransomware that was used in the attack, but the operators behind the Maze ransomware claimed responsibility and also started posting the allegedly stolen data on the dark web during the attack.
Maze operators have been leaking data stolen as part of their attacks over the past six months, in an attempt to compel victims to pay the ransom.
No information has been provided on how the attackers might have breached Conduent, but the Maze group is known for lingering in compromised networks for weeks before actually deploying ransomware, and Bad Packets, a threat intelligence firm, suggests that the Citrix ADC vulnerability tracked as CVE-2019-19781 could have been exploited for initial access.
Our CVE-2019-19781 scans (https://t.co/Ba1muwe7ny) found Conduent’s Citrix server (https://t.co/zhB1pv9NHi) was vulnerable for at least 8 weeks. https://t.co/9fkTfpeu4L
— Bad Packets Report (@bad_packets) June 4, 2020
In April, Cognizant, a professional services company that ranked 193 on the Fortune 500 list in 2019, fell victim to the Maze ransomware.