Free Newsletters for the Channel
Register for Your Free Newsletter Now
Accenture says there was no impact on its operations, or on its clients’ systems.
August 11, 2021
The LockBit ransomware group reportedly launched a ransomware attack on professional services provider Accenture.
Accenture says there’s been no damage from the attack.
According to ZDNet, Accenture was listed on LockBit’s site next to a timer that was set to go off Wednesday. The group also included a note saying: “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Accenture spokesperson Stacey Jones sent us the following statement:
Accenture’s Stacey Jones
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”
Ron Bradley is vice president of Shared Assessments, a security vendor.
Shared Assessments’ Ron Bradley
“This is a prime example of the difference between business resiliency and business continuity,” he said. “Business resiliency is like being in a boxing match. You take a body blow, but can continue the fight. Business continuity comes into play when operations have ceased or [are] severely impaired and you have to make major efforts to recover.”
This particular example with Accenture is interesting in the fact that it was a known/published vulnerability, Bradley said.
“The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward,” Bradley said.
Tony Bradley is Cybereason‘s director of content marketing. He said LockBit uses a ransomware-as-a-service (RaaS) model.
“Similar to DarkSide and REvil, LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model,” he said. “Any ransom payments received from using LockBit are divided between the customer directing the attack and the LockBit gang.”
Related to the LockerGoga and MegaCortex malware families, LockBit shares common tactics, techniques and procedures with these malicious attacks. In particular, it can propagate automatically to new targets.
Moreover, LockBit continues to adapt and evolve, Bradley said.
“More recent variants have adopted the double extortion model — locating and exfiltrating valuable data before encrypting systems,” he said. “The stolen data provides additional incentive for victims to pay the ransom.”
You May Also Like
The Gately Report: Trellix Partners Shielding SMBs from RansomwareFeb 26, 2024
Cloud Computing News: AWS Loses Another Key Exec to Azure; Canalys, Vega Cloud, Hyve NewsFeb 23, 2024
Channel Futures Reveals 2024 Circle of Excellence InducteesFeb 23, 2024
Canalys Channel Leadership Matrix Names AWS, Cisco, HP Among 'Champions'Feb 22, 2024