Accenture hit by ransomware attack from LockBit gang
Accenture, one of the world’s largest technology consulting firms, has been targeted by ransomware gang LockBit.
The Dublin-based firm last week confirmed a cybersecurity incident, though it didn’t specifically classify it as a ransomware attack. The consultancy claims the attack had no impact on it or its systems.
“Through our security controls and protocols, we identified irregular activity in one of our environments,” said Accenture spokesperson Stacey Jones in a statement. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up. There was no impact on Accenture's operations, or on our clients' systems.”
Russian-speaking ransomware gang LockBit claimed responsibility for the attack last Tuesday. The group set a ransom deadline for Thursday, August 12, demanding $50 million for 6 terabytes of data, according to cybercrime monitoring firm Cyble.
VX Underground, which claims to have the largest collection of malware source code on the internet, tweeted that LockBit released more than 2,000 files to the dark web for brief time, including case studies and presentations.
LockBit has been active since September 2019, and has targeted thousands of organisations. The group in October 2020 attacked Press Trust of India, downing the news giant’s operations for hours. Press Trust survived the attack without paying a ransom.
Cyber experts generally discourage the paying of ransoms for numerous reasons. One is the incentivisation of future attacks. Ransom payers also don’t necessarily get all their data back, and what they do get back likely can’t be trusted.
Technology consulting firms need to be extra vigilant against security threats, since most sell technology and cybersecurity services to their clients. How can they be trusted to offer quality service if they can’t prevent breaches of their own operations? Add to that the fact that consulting firms hold especially sensitive client information, and it’s even more critical that consultancies maintain the highest cyber defenses.
Breaches do occur, nevertheless. Deloitte was humbled in 2017 when it admitted its company email server, based on the Microsoft Azure cloud, was breached by hackers.