Accenture comes back to business after Lockbit ransomware attack

In the wake of DarkSide and REvil shutdown, IT giant attacked and threatened with data leak

The company managed to recover filesLockBit ransomware attacked an IT giant and threatened to lead client data online.

Global IT consultancy firm Accenture joined the long list of companies that were hit by the LockBit ransomware gang, which became even more active after the shutdown of the two most dangerous threats. It seems that LockBit 2.0 creators hacked Accenture’s databases, affected files, and then made a post on the Dark Web site offering said Accenture's databases up for sale, and even made fun of companies' sad security system. The post made by the malware creators:

These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider

However, as of right now, the company communicated that all of the affected systems are fully restored and back to work. The threat was identified by a CNBC reporter who tweeted that the hacker group is bragging about attacking the IT consulting firm using LockBit ransomware. Private data and confidential client information were threatened to be released in several hours too.[1]

The company released a statement sharing that all irregular activities were immediately contained, affected servers were isolated, and fully restored from backup. Representatives of the company, while speaking on Wednesday, assured that all operations are safe and clients have nothing to worry about.[2]

Accenture has some high-profile clients that may be concerned and interested in recent events. The firm works with 91 of the Fortune Global 100 companies. According to its 2020 annual report, widely known e-commerce names like Alibaba, Cisco, and even Google itself are some of the most influential clients. However, Accenture is no small fish, as it is valued at $44.3 billion and is regarded as one of the world’s largest tech consultancy firms.

There is a possibility for an insider job

Some researchers seem to think that Accenture's hit was an insider job. Cyble researchers tweeted that the LockBit virus group has been hiring corporate employees to gain access to their targets’ networks, and this information is circulating for a while now. Even threat actors themselves alleged that the hack was an insider job by someone who is still employed there. However, it's unclear how much truth is behind such a statement.[3]

Since the in-depth research on the attack is not done yet, there are no official reports on whoever helped threat actors to gain access to the companies database. However, it is believed that obtained information could be used by hackers. There is a possibility that even later, certain demands for ransom payments could be received. In addition, it is still unclear whether victims individually received any threatening messages.

Ransomware attacks remain the biggest issue and a headache

In recent years ransomware attacks seem to be on the rise, especially the ones, connected to high level companies or even national government and economic sectors. However, a lack of cybersecurity could be pointed out. After such attacks, businesses are usually left in confusion and met with angered clients. It's clear that critical data is not safe from any cybercrime nowadays.[4]

LockBit ransomware is a virus that is borrowing tricks from other threats like REvil and Maze, so it can take ransomware attacks to the next level. Cybercriminals behind the malware use double extortion techniques to make victims pay the ransom. First, the attackers breach the company's network, begin gathering information, and later deploy the LockBit virus to directly affect found files.[5]

The first known ransomware virus, PC Cyborg, was recorded back in the day, in 1989, with victims infected via nowadays basically extinct floppy disk. Back then, hackers told victims to send a $189 cheque to an address in Panama[6]. Today, these hacks are far more sophisticated and are spreading rapidly due to technological evolvement. Therefore, cybersecurity and internet awareness should be taken into consideration from personal and business perspectives alike.

About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

Ugnius Kiguolis is a professional malware analyst who is also the founder and the owner of 2-Spyware. At the moment, he takes over as Editor-in-chief.

Contact Ugnius Kiguolis
About the company Esolutions