Ransomware crooks attack Conduent, another large IT provider

Maze is but one of a series of ransomware affiliates that like to target IT services companies.
(Ivan Radic / Flickr)

A ransomware attack disrupted IT services company Conduent’s work with its clients last week, another example of digital extortionists targeting key technology suppliers.

Conduent, which reported $4.5 billion in revenue last year and provides IT services in sectors such as health care and banking, had its European operations temporarily hampered, spokesman Sean Collins said. The incident occurred on May 29. Most systems were functioning nine hours later on that same day, and all have since been restored, he said.

It was unclear which Conduent clients were affected by the disruption. Collins did not respond to a question on which clients were affected.

The notorious set of hackers behind the Maze ransomware variant claimed responsibility. Like a lot of crooks involved in ransomware, the Russian-speaking Maze affiliates are not one group, but several distinct teams that specialize in writing code or breaching networks.


If confirmed, it would be at least the second multibillion-dollar IT services company that Maze has infected in the last two months. Cognizant, a Fortune 500 company with over a quarter of a million employees, announced a Maze incident in April.

Maze is but one of a series of ransomware affiliates that like to target IT services companies and then boast about having access to sensitive corporate data. The hackers use victim-shaming websites to pressure companies to pay a ransom, and then dump data if the demands aren’t met.

“Ransomware threat actors like IT and managed service providers [MSP] because they can provide the attacker with easy access to many targets, some of which are potentially lucrative,” said Allan Liska, a ransomware specialist at threat intelligence company Recorded Future.

Collins, the Conduent spokesman, said the company is still doing a post-mortem on the breach.

“As our investigation continues, we have ongoing internal and external security forensics and anti-virus teams reviewing and monitoring our European infrastructure,” he said.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts