Business Continuity Management / Disaster Recovery , Cybercrime , Fraud Management & Cybercrime
Accenture Hit by Apparent Ransomware Attack
LockBit Takes Credit for the Incident on Its Darknet WebsiteThe consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident. The ransomware gang LockBit took credit for the attack.
See Also: Critical Condition: How Qilin Ransomware Endangers Healthcare
Dublin, Ireland-based Accenture declined to give details on when the incident occurred, its duration or the attack type.
"Through our security controls and protocols, we identified irregular activity in one of our environments," the company said in a statement provided to Information Security Media Group. "We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup."
The company added: "There was no impact on Accenture's operations, or on our clients' systems."
LockBit posted on its darknet "wall of shame" extortion website that it had removed an unstated amount of data from Accenture, which it said it intends to sell or make public.
Kevin Beaumont, head of the security operations center for London-based fashion retail giant Arcadia Group, is reporting the gang has followed through on its threat and has published the files.
Lockbit have started dumping data for Accenture.
— Kevin Beaumont (@GossiTheDog) August 11, 2021
Their portal is very slow and buggy, probably due to everybody downloading things (what a world).
The 2384 items also had subfolders with items below. pic.twitter.com/fnsd0XyGF2
LockBit
LockBit, which emerged in September 2019, was originally known as ABCD ransomware due to the .abcd extension it placed on encrypted files, according to a report from the threat research firm Emsisoft.
LockBit partnered with the Maze ransomware group in May 2020, and in August 2020, it began attacks on midsize U.S. companies, Interpol reported.
In June, LockBit launched the LockBit 2.0 ransomware-as-a-service operation and started an advertising campaign to recruit new affiliates, Emsisoft says.
Emsisoft says LockBit and its affiliates have been very active this year.
"There have been 9,955 submissions [about LockBit] to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files," Emsisoft says. "We estimate that only 25 percent of victims make a submission to ID Ransomware."
Accenture's Scope
Accenture, which posted $44 billion in revenue in fiscal 2020, has 569,000 employees.
This year, the company purchased the Paris-based managed security services provider Openminded and the Brazilian managed security service provider Real Protect.
Ransomware Rampage
The Accenture incident is the latest in a long line of ransomware incidents striking targets including fuel supplier Colonial Pipeline Co., meat supplier JBS and the remote management software firm Kaseya.
Colonial Pipeline was struck in May by the DarkSide ransomware gang, resulting in the company shuttering its East Coast operation, causing fuel shortages and closed gas stations. Colonial paid a $4.4 million ransom to DarkSide, but the FBI was able to recover about $2.3 million for the company.
JBS was hit by a ransomware attack on May 30, causing the Brazil-based food supplier to pay REvil's $11 million ransom demand. The payment seems to have been made not just for the promise of a decryption tool, but also a guarantee from REvil that it would not leak stolen data.
The attack on Kaseya happened in early July, when attackers affiliated with the REvil - aka Sodinokibi - ransomware operation used vulnerabilities to exploit Kaseya's VSA software used by MSPs, 60 of which were infected. Three weeks after the attack, the company obtained a decryptor key from an unnamed source and has been able to unlock its clients' data.