Sponsored By

Accenture Fights Off LockBit Ransomware Attack

Accenture says there was no impact on its operations, or on its clients’ systems.

Edward Gately

August 11, 2021

2 Min Read
Ransomware skull and crossbones
Shutterstock

The LockBit ransomware group reportedly launched a ransomware attack on professional services provider Accenture.

Accenture says there’s been no damage from the attack.

According to ZDNet, Accenture was listed on LockBit’s site next to a timer that was set to go off Wednesday. The group also included a note saying: “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”

Accenture spokesperson Stacey Jones sent us the following statement:

Jones-Stacey_Accenture.jpg

Accenture’s Stacey Jones

“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”

Timely Patching Important

Ron Bradley is vice president of Shared Assessments, a security vendor.

Bradley-Ron_Shared-Assessments.jpg

Shared Assessments’ Ron Bradley

“This is a prime example of the difference between business resiliency and business continuity,” he said. “Business resiliency is like being in a boxing match. You take a body blow, but can continue the fight. Business continuity comes into play when operations have ceased or [are] severely impaired and you have to make major efforts to recover.”

This particular example with Accenture is interesting in the fact that it was a known/published vulnerability, Bradley said.

“The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward,” Bradley said.

How LockBit Operates

Tony Bradley is Cybereason‘s director of content marketing. He said LockBit uses a ransomware-as-a-service (RaaS) model.

“Similar to DarkSide and REvil, LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model,” he said. “Any ransom payments received from using LockBit are divided between the customer directing the attack and the LockBit gang.”

Related to the LockerGoga and MegaCortex malware families, LockBit shares common tactics, techniques and procedures with these malicious attacks. In particular, it can propagate automatically to new targets.

Moreover, LockBit continues to adapt and evolve, Bradley said.

“More recent variants have adopted the double extortion model — locating and exfiltrating valuable data before encrypting systems,” he said. “The stolen data provides additional incentive for victims to pay the ransom.”

Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn.

Read more about:

MSPsVARs/SIs

About the Author(s)

Edward Gately

Senior News Editor, Channel Futures

As news editor, Edward Gately covers cybersecurity, new channel programs and program changes, M&A and other IT channel trends. Prior to Informa, he spent 26 years as a newspaper journalist in Texas, Louisiana and Arizona.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like