Internet technology company Accenture on Wednesday, August 11 confirmed a ransomware attack made against it.
ThreatPost reported on August 11 that ransomware-as-a-service group LockBit 2.0 hit Accenture with its ransomware, threatening to leak and otherwise sell the data unless a ransom was paid.
The attack has been partly mitigated, with Accenture saying they have been able to restore their data but the ransomware group is still threatening to release the alleged stolen information.
The company said in a statement, “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
“We fully restored our affected systems from backup, and there was no impact on Accenture’s operations, or on our clients’ systems.”
Accenture did not address what data may have been taken by the ransomware group.
A ZDNet report said no sensitive Accenture files were released after a ransomware countdown timer put up by the ransomware group ran out, but rather marketing materials were released.
The LockBit group, however, reset the timer for August 12, 20:43 UTC (August 13, 4:43 am Philippine time), the implication being there are more documents they are threatening to leak.
A possible inside job?
On Twitter, researchers from cybersecurity firm Cyble noted that the LockBit group has a known history of “hiring corporate employees to gain access to targets’ networks.”
The threat actors alleged that this was an insider job, “by someone who is still employed there,” though Cyble said it was “unlikely.”
Cyble said that LockBit claimed to have made off with databases of over 6TB and that it demanded $50 million as ransom.
Threat intelligence firm Hudson Rock meanwhile said 2,500 computers of employees and partners were compromised prior to the attack.
Hudson Rock pointed out the possibility that these compromised computers could have been used to attack Accenture. – Rappler.com