Accenture Suffers a Major Ransomware Attack
Table of Contents
- By Dawna M. Roberts
- Published: Aug 20, 2021
- Last Updated: Mar 18, 2022
Accenture, a global information technology consulting firm, suffered a major ransomware attack this week. The LockBit ransomware gang took responsibility for the attack.
What Happened?
In the wake of REvil and DarkSide’s departure, the LockBit ransomware group has stepped in to fill the void, and as a result, Accenture, IT consultancy firm was targeted and attacked by this group.
The hackers posted on their forum about Accenture, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider.”
Accenture restored all their systems from solid backups, so no real damage was done.
The Hacker News explains “LockBit, like it's now-defunct DarkSide and REvil counterparts, operates using a ransomware-as-a-service (RaaS) model, roping in other cybercriminals (aka affiliates) to carry out the intrusion using its platform, with the payments often divided between the criminal entity directing the attack and the core developers of the malware.”
How Did Accenture Respond?
Accenture is based out of Dublin, Ireland, and didn’t say much about the incident. Instead, in a statement to Information Security Media Group, the company said, “Through our security controls and protocols, we identified irregular activity in one of our environments. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup.”
Their tidy resolution of the mess didn’t provide any juicy details about when the attack occurred, how long it went on, or when they discovered it.
Accenture added:
“There was no impact on Accenture’s operations or on our clients’ systems.”
Other than that, Accenture declined any further comment.
Who is LockBit?
LockBit ransomware is a group of cybercriminals who operate using a ransomware-as-a-service (RaaS) model. Additionally, they have a dark website which they use to post information about their latest conquests.
After this attack, LockBit posted on their “wall of shame” that they had acquired a good deal of information from Accenture, which they plan on selling or posting publicly.
According to Data Breach Today, “LockBit, which emerged in September 2019, was originally known as ABCD ransomware due to the .abcd extension it placed on encrypted files, according to a report from the threat research firm Emsisoft.”
Emsisoft also noted that “LockBit also claims to offer the fastest data exfiltration on the market through StealBit, a data theft tool that can allegedly download 100 GB of data from compromised systems in under 20 minutes.”
Interpol discovered that for a time, LockBit partnered with the Maze group back in May 2020 to attack midsized companies.
LockBit released LockBit 2.0 in June of this year and started advertising for new recruits. LockBit is becoming a significant player in the ransomware gang, as Data Breach Today explains:
“There have been 9,955 submissions [about LockBit] to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files,” Emsisoft says. “We estimate that only 25 percent of victims make a submission to ID Ransomware.”
Ransomware Threats Heating Up
Even with REvil and DarkSide disappearing from the landscape, other gangs like LockBit have rushed in to take their place. Over the past few months hackers have waged some major attacks against infrastructure and private industry.
The Colonial Pipeline attack sent ripples of unrest up and down the East coast. Next, JBS meat suppliers cause shortages and panic. Then the Kaseya attack in June is the latest in a long line of attacks designed to disrupt operations and net hackers a hefty profit.
Ransomware has become one of the most prevalent threats in the world today. In response, the U.S. government has enacted increasingly strict laws regarding ransomware and sanctions against other countries.
