Accenture, the multinational consulting firm with tens of billions USD in annual revenue and over half a million employees worldwide, is being blackmailed by the LockBit ransomware group, which has launched a successful attack against them.
The countdown counter on the actor's Tor site has a little more than six hours left before all of the stolen data is published for everyone to see. Still, the firm doesn’t appear to be worried about this, claiming that the impact is minimal, the incident was isolated, and they already restored from backups. Client systems and all operations remained unaffected, so Accenture hasn’t made any effort to negotiate the payment of the ransom.
At some point yesterday, the counter reached zero. The actors published some documents that didn’t appear to contain very sensitive data, so this could be just a warning or an act to prove the legitimacy of the claims. However, it may also mean that the actors don’t really have anything valuable in their hands to proceed with the extortion. If Accenture contained the damage to certain secondary-importance servers, as they claim, this could indeed be the case here.
Hitesh Sheth, President & CEO at cybersecurity expert ‘Vectra,’ tells us:
In the meantime, cyber-intelligence firm Cyble has also published a tweet summing up what its radars have been able to catch: it raises the possibility of this being an insider job by someone who is still employed at Accenture, and puts the ransom amount at $50 million and the size of the stolen data at 6TB. We have no way to confirm any of that, so we’re reproducing it with caution.
LockBit kicked off the second generation of its affiliate RaaS program this June, and the attack on Accenture is one of the most prominent and high-profile they have achieved since their reboot.