Cognizant said it has contained the Maze ransomware strike that hit it as well as its customers last month and it expects to spend up to US$70 million over the next three months remediating the damage the attack caused.
CEO Brian Humphries told investors that the solution provider has held three conference calls with customers, the latest this week, as well as “hundreds of individual client calls” to reassure them that Cognizant was doing all it could to contain the threat.
“Retaining client trust is of paramount importance,” Humphries said during the company’s first quarter earnings call Thursday. “So, we erred on the side of over-communicating the details of what we knew and how we were working to contend or mitigate this incident. We proactively provided clients with Indicators of Compromise or so-called IOC, namely forensic data that a company can use to identify potentially malicious activity and defend against attacks from external actors.”
The attack will hit Cognizant’s revenue and margins in the second quarter, with the company expecting to spend between US$50 million and US$70 million on remediation. The company also may spend money on legal costs, consultants and other costs related to its ongoing investigation into the attack.
“While we have restored the majority of our services and we are moving quickly to complete the investigation, it is likely that costs related to the ransomware attack will continue to negatively impact our financial results beyond Q2,” said Cognizant CFO Karen McLoughlin.
Humphries said the attack did not have a meaningful impact on Cognizant’s business momentum. However, it happened as Cognizant moved its employees to work from home and -- as first reported by CRN -- some lost email access and were forced to talk with coworkers and customers through other means.
“The ransomware attack had effectively disabled some of our internal systems that have been encrypted, which impacted some of our work-from-home enablement and indeed certain clients had opted, just as an abundance of caution to isolate themselves from our network,” Humphries said. “We have contained the virus by working night and day candidly internally as well as working with leading cybersecurity partners, including Mandiant and of course the federal authorities.”
Humphries said billings in April and early May were hit as those customers suspended service with Cognizant for fear of being infected. However, Cognizant continued to staff the teams that work on the suspended accounts.
“We had the perfect storm in which we still had costs without revenue,” Humphries said. “On top of that, when you have clients who disconnect you from their network for a period of time until such time as you've contained the malware, yet again, you want to keep those skill sets ready to reengage as soon as the clients permit you to reengage.”
The attack encrypted servers and took out some of the work-from-home capabilities that Cognizant had just put in place to help employees during the first weeks of the coronavirus lockdowns. It also slowed the company’s ability to enable more work from home by taking out tools that it used to automate and provision laptops.
Humphries said the attack underscored the reality of today’s cyber landscape, which is that no one is immune to ransomware.
“Nobody wants to be dealt with a ransomware attack,” he said. “I personally don't believe anybody is truly impervious to it, but the difference is how you manage it. And we tried to manage it professionally and maturely.”
He said the company has used the experience to harden security across all of its systems, which Humphries called a “no-regret” cost of the cleanup.
In terms of revenue, Cognizant said first quarter sales came in at US$4.2 billion, up 2.8 percent from a year ago. Net income for the quarter ended March 31 was down to US$367 million compared to US$441 million in the year-ago quarter. That translates to a diluted earnings per share of US$0.67 compared to US$0.77 in the year-ago quarter.