Group claims to strike Accenture in ransomware attack

(“Accenture Building City View Plaza San Jose” by mrkathika is licensed under CC BY-SA 2.0)

A group using the LockBit ransomware says it struck the IT consulting firm Accenture and threatened to release data within hours.

CNBC reporter Eamon Javers on Wednesday first reported on Twitter that a group used the ransomware on the company and later reported that nearly 2,400 files, including PowerPoints and case studies, were briefly published to the dark web. The data became inaccessible due to high demand, according to vx-underground, which claims to be "the largest collection of malware source code, samples, and papers on the internet." Vx-underground noted the hacker group re-set the clock on when it would re-release the data to Aug. 12.

A screenshot allegedly from the LockBit group was posted to the Twitter account of vx-underground, which had the note: “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases reach us.”

In a statement provided to SC Media, Accenture said it identified irregular activity through security controls and protocols, and isolated the affected servers. “We fully restored our affected systems from back up. There was no impact on Accenture’s operations, or on our clients’ systems.”

The LockBit ransomware emerged in September 2019 and blocks users from accessing infected systems until the requested ransom payment has been made, according to a blog by cybersecurity vendor Emsisoft.

Ian McShane, Arctic Wolf's field CTO, noted that studies and reports show that a majority of breaches involve the human element, which the attacker claims to have exploited in the Accenture incident.

“With this particular adversary claiming to have compromised a ‘corporate insider,’ it just goes to show that even organizations with large security budgets cannot buy a silver bullet product or tool to solve cybersecurity,” McShane said in a statement.

Hitesh Sheth, president and CEO of Vectra, said it was too soon for outside observers to assess the damage, but news of the attack served as a reminder to businesses to scrutinize security standards at their vendors, partners and providers.

“Every enterprise should expect attacks like this — perhaps especially a global consulting firm with links to so many other companies,” said Sheth. It’s how you anticipate, plan and recover from attacks that counts.”

Correction: An earlier version of this story misidentified Arctic Wolf Field CTO Ian McShane's title.

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.