IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month, in April 2020, will negatively impact its Q2 revenue.
"While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter," said Karen McLoughlin, Cognizant Chief Financial Officer, in an earnings call.
McLoughlin also expects the incident to incur additional and unforeseen legal, consulting, and other costs associated with the investigation, service restoration, and remediation of the breach.
The Cognizant CFO says the company has now fully recovered from the ransomware infection and restored the majority of its services.
We have warned companies for many years about ransomware and how to protect their organizations, most recently in our webinar in conjunction with Datto, titled "COVID-19: Teleworking & Cybersecurity Best Practices."
A few weeks ago, it was reported that some Cognizant employees lost email access during a Maze ransomware attack because an internal directory was deleted.
At the time, Cognizant told CRN the communications problems were limited to a “small percentage of associates.”
“We cannot comment in detail, but we can say that while a small percentage of associates on a legacy email system have their access restricted, we have maintained contact with our clients and prospective clients through a number of communications channels,” the company said.
Speaking on the ransomware attack, Humphries said the incident impacted only its internal network, not customer systems.
He added that the ransomware incident impacted (1) Cognizant's select system supporting employees' work-from-home setups and (2) the provisioning of laptops that Cognizant was using to support its work-from-home capabilities during the COVID-19 pandemic.
Humphries said staff moved quickly to take down all impacted systems, which impacted Cognizant's billing system for a period of time. Some customer services were taken down as a precaution, he concluded.
There is Twitter speculation that Cognizant access was sold online, causing the attack:
- April 11 a threat actor offers to sell access to a huge IT company for $200,000.
- April 17th he closes the thread saying it is not relevant anymore.
- April 18th, Cognizant suffers a Ransomware by Maze.
Is it possible Maze bought that access and Cognizant was the company? https://t.co/IZlB82Bfd7
— Under the Breach (@underthebreach) April 18, 2020
This could be the case, but the fact that the teleworking systems were affected leads us to believe that a bad click by an employee led to a ransomware infection.
As always, we try to learn from these incidents and help others do the same.
If this attack started as an email that caused ransomware to spread, a simple way to combat such an issue is phishing simulation. This is done by sending users messages that look like the ones a hacker would send. If the user clicks, they are instantly trained. This is the best way to laser-target training to those who need it most. We suggest our PHISH360, which is free to use for small businesses.
In addition, our company, Apex Technology Services, offers network security assessments, which should be done regularly to ensure systems are as secure as possible.
While the COVID-19 pandemic has made this a challenging business climate for many organizations, hackers are stepping up their efforts, knowing work-at-home users are more vulnerable. A company dealing with a pandemic has enough problems. Adding the financial challenges of a ransomware attack to an already tough situation may be unsustainable for most organizations.
The time to get help is now – before an attack takes place.