LockBit RansomWare > Accenture

Arishti Info Labs
Aug 13, 2021


The LockBit hacker group claimed that it had attacked Accenture last Tuesday in an apparent ransomware attack.

Who is Accenture?


Accenture plc is an Ireland-based multinational company that provides consulting and professional services. Accenture is one of the world’s largest tech consultancy firms and employs around 569,000 people across 50 countries. Accenture’s clients include 91 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500, including e-commerce giant Alibaba, Cisco, and Google.

What Happened?

Accenture on Wednesday confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware. The threat actor demanded $50 million in exchange for more than 6 TB of data, according to a tweet from Cyble, a dark web and cybercrime monitoring firm.

“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers,” Accenture said in a statement. “We fully restored our affected systems from backup, and there was no impact on Accenture’s operations, or on our clients’ systems.”

How Did It Happen?

Precisely how hackers infiltrated Accenture’s network remains to be determined. However, preliminary evidence suggests that it could be an inside job. The LockBit website hosted the message, “these people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”

“The wallpaper displayed on compromised systems now includes text inviting insiders to help compromise systems — promising payouts of millions of dollars,” Cybereason’s Tony Bradley said in a Wednesday post.

While a voluntary inside job might seem like a stretch, a paid one is perhaps less so. In 2020, an individual living in the US was arrested after offering a Tesla employee $1 million in exchange for deploying ransomware on the company’s internal network.

What is LockBit?

Experts first discovered the LockBit group in September of 2018. LockBit is a cybercriminal gang that operates using a ransomware-as-a-service (RaaS) model, similar to DarkSide and REvil. LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model. Any ransom payments received from LockBit attacks are divided between the customer directing the attack and the LockBit gang.

LockBit’s ransomware is commonly a double-tap variant, which means that files are encrypted and a ransom is also demanded in exchange for refraining from releasing the stolen data.

The after-effects

Accenture has reportedly fully restored systems from backup, according to Reuters. Additionally, the ransomware attack does not appear to have affected Accenture’s operations or client systems.

Further, Israel-based cybersecurity firm Hudson Rock claimed that about 2,500 computers of employees and partners had been compromised and used by the attackers.

While Accenture has assured customers that the attack was contained, several security industry observers say they are seeing confidential Accenture information being made public, with more expected to come. According to Security Affairs, the initial deadline for the payment has passed and the gang has published at least some data to its page on the dark web, a shady corner of the internet reachable with special software.


Written by Arishti Info Labs

Arishti Info Labs is a cybersecurity firm working to protect industries and their assets from cyber attacks.
