Accenture Hit By Ransomware Attack, Latest Victim Of Cyber-Pandemic
Accenture on Wednesday confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
CNBC reporter Eamon Javers Wednesday first broke the news about the attack in a tweet, writing that the hacker group in a post on the Dark Web wrote, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Accenture, in an emailed response to a request for information from CRN, confirmed the ransomware attack, but said there was no impact on the company.
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems,” Accenture wrote.
The attacker used LockBit to attack the global consulting firm, which is No. 1 on CRN’s 2021 Solution Provider 500 list. LockBit, according to New Zealand-based cybersecurity company Emisisoft, is a strain of ransomware that prevents users from accessing infected systems until a ransom payment is made.
“It has been highly active since it emerged in September 2019 and has impacted thousands of organizations around the world. Many of LockBit’s attack functions are automated, making it one of the most efficient ransomware variants on the market,” Emisisoft wrote in a blog post.
VX Underground, which claims to have the Internet’s largest collection of malware source code, tweeted a timer supposedly from the hacker showing how much time before the attack on Accenture’s data starts. The time on the timer has already passed.
Michael Goldstein, CEO of LAN Infotech, a Fort Lauderdale, Fla., solution provider that was affected by the recent Kaseya MSP ransomware attack, told CRN he was “stunned” to learn that Accenture was the latest victim of a ransomware attack.
“Accenture is a well-respected company that I am sure is spending an exorbitant amount of money on security,” he said. “But they have a lot of ground to cover. It’s very hard to protect a multi-national company like Accenture.”
Goldstein said the Accenture breach is yet another call to action for every company to review their security technology posture and procedures. “If a $45 billion company like Accenture is vulnerable then everyone is vulnerable,” he said.
Goldstein said his advice to his customers is move quickly to beef up cybersecurity. “It’s easier for smaller companies to move quickly to protect themselves with the appropriate software and tools that are out there rather than a large company Accenture,” he said.
Cybercrime remains the number one issue impacting companies worldwide, Goldstein said. “We are in the midst of a cyber-pandemic,” he said. “As an industry and as a country we have got to get our arms around this.”
Accenture has been actively acquiring security companies since it found in 2017 that Accenture AWS S3 storage buckets were left unsecured on servers that were configured for public access and were publicly downloadable.