Consulting Giant Accenture Hit by LockBit Ransomware

The criminal organization running the LockBit ransomware service published an announcement that it had successfully breached the defenses of consulting giant Accenture. The hackers claimed that they will soon start selling chunks of exfiltrated Accenture databases to any other criminal parties interested.

Accenture is a massive multi-national company with over half a million employees across the globe and offers consulting services to nearly all of the top 100 Fortune companies. Among Accenture's customers are household names such as Google, Dell and Microsoft.

LockBit boasted about their successful attack on Accenture on its website and offered to sell "some databases" that were allegedly exfiltrated during the attack. The hackers also didn't forget to try and poke fun at Accenture's security, but that's almost protocol now, with a lot of threat actors boasting after they manage to hit a big target.

So far LockBit have only shown a folder of supposedly stolen PDF files obtained from Accenture.

Accenture responded to the claims by announcing that the company had indeed spotted "irregular activity" on its network. However, Accenture claims to have taken decisive action and the attack has been quickly contained and the affected servers have been allegedly isolated.

More importantly, Accenture announced having already restored everything to normal working order, using its backups and claims there has been no meaningful impact on the company's work or on systems associated with its customers.

Researchers with security firm Cyble were quoted by ThreatPost, claiming that according to their information, the ransom LockBit demanded was $50 million and around 6TB of databases may have been exfiltrated from the Accenture servers.

The attack is attributed to a threat actor being referred to as LockBit 2.0 - a growing entity that is likely recruiting new members who were previously working with the REvil and DarkSide ransomware gangs before they seemingly closed shop.

Whether this allegedly huge volume of data was really successfully exfiltrated from Accenture's network remains to be seen.

August 12, 2021