Conduent Business Services Provider Is Under Ransomware Attack


Business process services provider Conduent is the target of a ransomware attack which appears to be Maze operators’ job.

Established in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company provides digital solutions for both business and government entities and employs more than 68,000 people in over 40 countries.

On Friday, May 29, the company discovered the cyber-attack and said only its European operations had been affected. The attackers installed ransomware on compromised networks, and while Conduent said it was able to restore everything quickly, there were still some services that were affected.

“The European operations of the Conduent experienced a service interruption on Friday 29 May 2020. Our system identified ransomware through our cybersecurity protocols addressed then. This interruption began on May 29 at 12.45 AM CET, with systems mostly back in production by 10.00 AM CET that morning, and all systems have since been restored, “a Conduct spokesman said.

“This led to a partial disruption of the services we offer to other clients. We have active internal and external security forensics and anti-virus teams testing and tracking our European infrastructure as our investigation continues, “the firm also said.

Conduent did not provide information about the ransomware that was used in the attack, but the operators behind the Maze ransomware claimed the attack and also started posting the allegedly stolen data on the dark web during the attack.

Maze operators have been leaking data stolen as part of their attacks over the past six months, in an attempt to compel victims to pay the ransom.

No information has been provided on how the attackers might have breached Conduent, but the Maze group is known for lingering in the broken networks for weeks before actually deploying ransomware, and Bad Packets, a threat intelligence firm, suggests that the Citrix ADC vulnerability tracked as CVE-2019-19781 could have been misused for initial access.

In April, Cognizant, a professional services company that ranked 193 on the Fortune 500 list in 2019, fell victim to the ransomware Maze.

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.