Conduent ransomware attack and its Citrix Server Vulnerability

Conduent, a business process services company headquartered in New Jersey, USA, was reportedly hit by a ransomware attack on May 29th, 2020. The company has confirmed the attack and said that the incident was contained in 9 hours (from 12:45 am CET to 10:00 am CET) before the systems were brought back online from backups, but it did not acknowledge any data breach.

However, cybersecurity firm Emsisoft says that some data was breached in the file-encrypting malware attack, which was launched by the hacking group that spreads Maze ransomware and that also hit Cognizant in April this year.

Researchers from Emsisoft say that those who launched the Conduent cyber attack published 2 ZIP files on the dark web containing sensitive information about the company's branch operating in Germany, and that the files were related to Vodafone Deutschland.

Separate research by threat intelligence firm Bad Packets found that Conduent's Citrix servers were exposed to a vulnerability between December 17th, 2019 and February 14th, 2020 and might have been infiltrated by hackers. This could have led to the recent leak on the dark web of data that the hackers from the Maze ransomware group now claim to have accessed before locking up the company's database in May 2020.

Note 1: Until January 2017, Conduent was part of the Xerox Corporation.

Note 2: Maze is a ransomware variant that mainly targets machines running Windows in corporate networks. It is one of the more dangerous malware variants in circulation because it steals data before encrypting a database and then blackmails the victim with the stolen data to pressure them until a ransom is paid.