Accenture on Wednesday confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
CNBC reporter Eamon Javers Wednesday first broke the news about the attack in a tweet, writing that the hacker group in a post on the Dark Web wrote, “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”
Accenture, in an emailed response to a request for information from CRN US, confirmed the ransomware attack but said there was no impact on the company.
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems,” Accenture wrote.
The attacker used LockBit to attack the global consulting firm. LockBit, according to New Zealand-based cybersecurity company Emsisoft, is a strain of ransomware that prevents users from accessing infected systems until a ransom payment is made.
“It has been highly active since it emerged in September 2019 and has impacted thousands of organisations around the world. Many of LockBit’s attack functions are automated, making it one of the most efficient ransomware variants on the market,” Emisisoft wrote in a blog post.
VX Underground, which claims to have the Internet’s largest collection of malware source code, tweeted a timer supposedly from the hacker showing how much time before the attack on Accenture’s data starts. The time on the timer has already passed.
Accenture has been actively acquiring security companies since it found in 2017 that Accenture AWS S3 storage buckets were left unsecured on servers that were configured for public access and were publicly downloadable.
Recent security acquisitions include those of Sweden-based Sentor, U.K.-based Context Information Security, and the Symantec Cyber Security Services Unit from Broadcom.
Steve Burke and Michael Novinson contributed to this article.