A group using the LockBit ransomware says it struck the IT consulting firm Accenture and threatened to release data within hours.
CNBC reporter Eamon Javers on Wednesday first reported on Twitter that a group used the ransomware on the company and later reported that nearly 2,400 files, including PowerPoints and case studies, were briefly published to the dark web. The data became inaccessible due to high demand, according to vx-underground, which claims to be "the largest collection of malware source code, samples, and papers on the internet." Vx-underground noted the hacker group re-set the clock on when it would re-release the data to Aug. 12.
A screenshot allegedly from the LockBit group was posted to the Twitter account of vx-underground, which had the note: “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases reach us.”
In a statement provided to SC Media, Accenture said it identified irregular activity through security controls and protocols, and isolated the affected servers. “We fully restored our affected systems from back up. There was no impact on Accenture’s operations, or on our clients’ systems.”
The LockBit ransomware emerged in September 2019 and blocks users from accessing infected systems until the requested ransom payment has been made, according to a blog by cybersecurity vendor Emsisoft.
Ian McShane, Arctic Wolf's field CTO, noted that studies and reports show that a majority of breaches involve the human element, which the attacker claims to have exploited in the Accenture incident.
“With this particular adversary claiming to have compromised a ‘corporate insider,’ it just goes to show that even organizations with large security budgets cannot buy a silver bullet product or tool to solve cybersecurity,” McShane said in a statement.
Hitesh Sheth, president and CEO of Vectra, said it was too soon for outside observers to assess the damage, but news of the attack served as a reminder to businesses to scrutinize security standards at their vendors, partners and providers.
“Every enterprise should expect attacks like this — perhaps especially a global consulting firm with links to so many other companies,” said Sheth. It’s how you anticipate, plan and recover from attacks that counts.”
Correction: An earlier version of this story misidentified Arctic Wolf Field CTO Ian McShane's title.