Shutterstock
Accenture Fights Off LockBit Ransomware Attack
The LockBit ransomware group reportedly launched a ransomware attack on professional services provider Accenture.
Accenture says there’s been no damage from the attack.
According to ZDNet, Accenture was listed on LockBit’s site next to a timer that was set to go off Wednesday. The group also included a note saying: “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Accenture spokesperson Stacey Jones sent us the following statement:
Accenture’s Stacey Jones
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”
Timely Patching Important
Ron Bradley is vice president of Shared Assessments, a security vendor.
Shared Assessments’ Ron Bradley
“This is a prime example of the difference between business resiliency and business continuity,” he said. “Business resiliency is like being in a boxing match. You take a body blow, but can continue the fight. Business continuity comes into play when operations have ceased or [are] severely impaired and you have to make major efforts to recover.”
This particular example with Accenture is interesting in the fact that it was a known/published vulnerability, Bradley said.
“The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward,” Bradley said.
How LockBit Operates
Tony Bradley is Cybereason‘s director of content marketing. He said LockBit uses a ransomware-as-a-service (RaaS) model.
“Similar to DarkSide and REvil, LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model,” he said. “Any ransom payments received from using LockBit are divided between the customer directing the attack and the LockBit gang.”
Related to the LockerGoga and MegaCortex malware families, LockBit shares common tactics, techniques and procedures with these malicious attacks. In particular, it can propagate automatically to new targets.
Moreover, LockBit continues to adapt and evolve, Bradley said.
“More recent variants have adopted the double extortion model — locating and exfiltrating valuable data before encrypting systems,” he said. “The stolen data provides additional incentive for victims to pay the ransom.”
| Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
Successfully fight off? Is this supposed to be a joke or a paid advertisement from Accenture? the fact that ransomware was able to spread in their environment to a degree where they needed to restore data is a major failure for Accenture and a win for the attackers. I don’t know how Accenture can state that there was no impact to the operations. Anyone involved in the cybersecurity market today knows that prematurely calling that none of your systems, data and customer data were affected at this stage is a suicide. Attackers are claiming they have 6TB+ of Accenture’s data. Whether that’s true or not, this should be a wake up call for Accenture and all of their customers today.