Cognizant expects to lose 50 to 70 million dollars (46 to 64 million euros) after last month’s ransomware incident. The IT service provider reported this in an earnings call.
Karen McLoughlin, Cognizant Chief Financial Officer, expects the ransomware incident to result in additional unforeseen costs. Including costs associated with the investigation of the ransomware incident, service recovery and restoration of Cognizant’s systems after the breach.
“While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of 50 million to 70 million dollars for the quarter”, McLoughlin said in an earnings call.
Cognizant’s CFO announced that the company has now fully recovered from the ransomware infection and that the majority of its services have been restored.
Ransomware only affected the internal network
Cognizant’s CEO, Brian Humphries, stated the incident only affected Cognizant’s internal network, not their customers’ systems. In particular, Cognizant’s system that supports remote working was affected. The provisioning of laptops to employees working from home was also negatively affected by the incident.
According to Humphries, his staff moved quickly to take as many affected systems offline as possible during the incident. Various customer services were taken down as a precaution. As a result, Cognizant’s billing system did not work for a short period.
Chaotic situation at Cognizant
On 17 April, ZDNet became aware of the incident after several dissatisfied customers approached the company about the ‘technical problems’ at Cognizant. The company tried to hide the major security breach from its customers under the guise of technical problems. The IT service provider did talk to customers during the breach, but those conversations didn’t go smoothly as Cognizant did not share the actual details of what had occurred.
Initially, customers feared that a hacker had gained access to the Cognizant servers, and thus had gained access to their own servers. Moments later, the company sent an internal warning to its customers, urging them to block internet traffic for a select number of IP addresses.
Customers quickly realized that the Maze ransomware group had already used these IP addresses in the past. One day later, Cognizant finally publicly admitted that their network was infected with Maze ransomware.