The ransomware attack on the IT services company Cognizant is expected to cost between $50 million and $70 million, according to a recent financial report filed by the company last week. The firm was attacked with ransomware on April 17, 2020. Upon discovery of the attack, systems were rapidly taken offline to limit the extent of the attack. Had it not been for the immediate response, the outcome could have been far worse.
The group responsible for the attack commonly steals customer data before deploying the ransomware, but in this case the attackers are not believed to have successfully exfiltrated data and the fast action limited the attack to certain internal computer systems. Client data is not believed to have been affected.
Recovering from a ransomware attack can be a slow, labor-intensive process. Cognizant says that it has now restored most of its IT systems and is working to complete the investigation into the attack. The firm believes it will take until the end of the month for all computer systems to be brought back online. It is unclear whether Cognizant entered into negotiations with the attackers and if the ransom demand was paid.
A spokesperson for the company said “We are using this experience as an opportunity to refresh and strengthen our approach to security. We are already applying what we have learned to further harden and strengthen our security environment.”
The attack occurred at a time when the firm was in the middle of preparations to expand the number of remote employees in response to COVID-19. Some of the servers that were taken out of action were being used to support remote workers and the company lost some of its work-from-home capabilities. The attack also slowed down further expansion of its work-from-home initiative, as the systems used to automate and provision laptops for at-home workers stopped functioning.
Even the fast action was not sufficient to prevent significant downtime, loss of reputation, and the suspension of some customer accounts. The majority of the costs associated with the ransomware attack will affect its Q2 revenue, but ongoing remediation costs are also expected to impact revenue in subsequent quarters.