Accenture hit by LockBit ransomware attack
By SSN Staff
Updated 10:34 AM CDT, Mon August 16, 2021
DUBLIN, Ireland—Accenture, a global cyber consulting company providing management and consulting services, has been breached by a cyber threat using a strain of ransomware known as LockBit.
LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies. Once a domain is infected, new group policies are generated by the malware and sent to devices linked to the network. Here, the policies disable the antivirus security and implement the malware.
LockBit ransomware was first observed in September 2019, and the malware has become significantly advanced since then. Once ransomware ads were barred on hacking forums, a new leak site was organized to showcase its latest variant, LockBit 2.0.
Using LockBit 2.0, the attacker claims to have stolen over 6TB of Accenture’s data and is demanding $50 million in exchange. LockBit operators claimed to have gained access to Accenture’s network and were preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT on Wednesday, August 11.
The hack was announced on the leak site, stating that “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases reach us.”
Accenture released a statement on the day of the cyberattack, stating that "Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup, and there was no impact on Accenture's operations or on our clients' systems."
On Thursday, Aug. 12, Accenture said it did not have any updates to its initial statement.
Comments