$50M payment demanded from Accenture in ransomware attack
Information technology consulting giant Accenture PLC has been struck by ransomware in an attack that resulted in customer data being stolen.
The attack is believed to have taken place today. The LockBit 2.0 ransomware gang took responsibility, claiming to have stolen 6 terabytes of data. It demanded a $50 million ransom be paid or the stolen data would be published.
According to Security Affairs, the initial deadline for the payment has since passed and the gang has published at least some data to its page on the dark web, a shady corner of the internet reachable with special software. A separate report from researcher Andrea Draghetti just before 6 p.m. EDT suggested, however, that the Accenture data release had been postponed and a new deadline set.
— Andrea Draghetti 👨🏻💻 🎣 (@AndreaDraghetti) August 11, 2021
How LockBit 2.0 gained access to Accenture’s network is unclear, but there is some suggestion that it could be an inside job. The gang itself wrote on its dark web page that “these people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
That an insider may have been involved has some credence. A report from Bleeping Computer on Aug. 4 noted that the LockBit 2.0 ransomware gang was actively recruiting corporate insiders to help breach and encrypt networks.
Accenture itself did not provide much in the way of details. A spokesperson told CNN that “through our security controls and protocols, we identified irregular activity in one of our environments.”
“We immediately contained the matter and isolated the affected servers,” the spokesperson added. “We fully restored our affected servers from back up. There was no impact on Accenture’s operations or on our clients’ systems.”
According to the Australian Cyber Security Centre, LockBit 2.0 was first detected in September 2019 and is offered on a ransomware-as-a-service basis. The ransomware is known to be a double-tap variant: files are both encrypted and stolen, with payment demanded both for a decryption key and for not publishing the stolen data.
“First reports suggest Accenture had data backup protocols in place and moved quickly to isolate affected servers,” Hitesh Sheth, president and chief executive officer at AI cybersecurity company Vectra AI Inc., told SiliconANGLE. “It’s too soon for an outside observer to assess the damage.”
But Sheth added that this is yet another reminder to businesses to scrutinize security standards at their vendors, partners and providers. “Every enterprise should expect attacks like this – perhaps especially a global consulting firm with links to so many other companies,” he said. “It’s how you anticipate, plan for and recover from attacks that counts.”