Cognizant expects to lose between $50m and $70m following ransomware attack

Cognizant says April ransomware incident will negatively impact Q2 revenue.
Written by Catalin Cimpanu, Contributor

IT services provider Cognizant said in an earnings call this week that a ransomware incident that took place last month, in April 2020, will negatively impact its Q2 revenue.

"While we anticipate that the revenue impact related to this issue will be largely resolved by the middle of the quarter, we do anticipate the revenue and corresponding margin impact to be in the range of $50 million to $70 million for the quarter," said Karen McLoughlin, Cognizant Chief Financial Officer, in an earnings call yesterday.

McLoughlin also expects the incident to incur additional and unforeseen legal, consulting, and other costs associated with the investigation, service restoration, and remediation of the breach.

The Cognizant CFO says the company has now fully recovered from the ransomware infection and restored the majority of its services.

Incident only impacted internal network

Speaking on the ransomware attack, Cognizant CEO Brian Humphries said the incident impacted only its internal network, not customer systems.

More precisely, Humphries said the ransomware incident impacted (1) Cognizant's select system supporting employees' work-from-home setups and (2) the provisioning of laptops that Cognizant was using to support its work-from-home capabilities during the COVID-19 pandemic.

Humphries said staff moved quickly to take down all impacted systems, which affected Cognizant's billing system for a period of time. Some customer services were taken down as a precaution.

Cognizant held meetings with customers; however, the meetings did not go smoothly, as Cognizant avoided sharing any actual details of what had happened.

ZDNet learned of the incident while it was still under way, on April 17, when several disgruntled customers reached out to this reporter about the company attempting to hide a major security breach under the guise of "technical issues" and cutting off access to a series of services.

Initially, customers feared that either a hacker had stolen user data from servers, or a ransomware incident had taken place and the ransomware had spread to customer servers, encrypting their data and making the servers inaccessible.

Customers were thrown into full paranoia mode after Cognizant sent an internal alert to all customers, urging clients to block traffic for a list of IP addresses.

Customers were quick to link the IP addresses to web servers operated in the past by the Maze ransomware gang.

Cognizant, one of the largest providers of server hosting and IT services in the US, eventually publicly admitted a day later, on April 18, that its network was infected with the Maze ransomware.

Cognizant losses in the same range as Norsk Hydro

Cognizant's losses from the incident are in the same range reported last year by aluminum producer Norsk Hydro, which reported that a March 2019 ransomware incident would cause total revenue losses of more than $40 million, a number it later adjusted to nearly $70 million during the year.

Humphries said that Cognizant is now working to address the concerns of customers who opted to suspend Cognizant services in the wake of the ransomware attack, which also impacted Cognizant's current bottom line.

Cognizant reported a Q1 2020 revenue of $4.2 billion, up 2.8% over Q1 2019.

The number of SEC filings listing ransomware as a major forward-looking risk factor to companies' profits has skyrocketed in recent years, from 3 filings in 2014 to 1,139 in 2019, and already 743 in 2020. Companies today see ransomware attacks as a real risk for their bottom lines, as ransomware incidents tend to cause reputational damage to stock prices and financial losses due to lost revenue, since most victims take weeks and months to fully recover.
