Accenture is the latest victim of the LockBit ransomware gang.
LockBit Ransomware Hits Accenture
The cybercriminals recently posted the name and logo of the company, which is a global business consulting firm. As such, Accenture’s clients include 91 names of the Fortune Global 100, and at least three-quarters of the Fortune Global 500. Some of its clients are Alibaba, Google and Cisco. This is one of the world’s leading tech consultant companies, with more than 500,000 employees across 50 countries.
Following the attack, the LockBit RaaS gang offered for sale Accenture’s databases. Security Affairs reported that, once the ransom payment deadline was reached, a leak side displayed a folder named W1 which contained a collection of PDF documents. Accenture has confirmed the attack. According to its statement, the company identified irregular activity in one of its environments, but quickly proceeded with isolating the compromised servers. “We fully restored our affected servers from backup, and there was no impact on Accenture’s operations, or on our clients’ systems,” Accenture said.
Security researchers say that the cybercrime gang that hit the company is known as LockBit 2.0. It is noteworthy that Cyble researchers suggested that the attack could have been an insider job. According to a tweet Cyble shared, LockBit has been hiring corporate employees to gain access to their targets’ networks.
Following a series of high-profile, large-scale ransomware attacks, security researchers outlined a new extortion trend. Called triple extortion, it is the expansion to the double extortion technique, which integrates an additional threat to the process (hence the name). The first ransomware attack that illustrates the technique took place in October 2020. The Finnish Vastaamo clinic had its internal systems accessed and the data of its 400 employees and approximately 40,000 patients stolen.
Then, in February 2021, the REvil/Sodinokibi gang announced they added two stages to their regular ransom scheme – DDoS attacks and phone calls to the victim’s business partners and the media. It is noteworthy that the REvil group is now offering DDoS services and voice-scrambled VoIP calls to journalists and colleagues of victims as a free service added to its RaaS package.
This technique aims to increase the chances of ransom payments within the given deadline.
“Third-party victims, such as company clients, external colleagues and service providers, are heavily influenced, and damaged by data breaches caused by these ransomware attacks, even if their network resources are not targeted directly,” Check Point added in a recent report.
What would the outcomes of Accenture’s ransomware attack be?
According to Hitesh Sheth, president and CEO at Vectra said in a conversation with ThreatPost that “all businesses should expect attacks like this, but particularly a global consultancy firm with links to so many companies.”
“It’s too soon for an outside observer to assess damage. However, this is yet another reminder to businesses to scrutinize security standards at their vendors, partners, and providers. Every enterprise should expect attacks like this – perhaps especially a global consulting firm with links to so many other companies. It’s how you anticipate, plan for and recover from attacks that counts,” Sheth pointed out.