Ransomware group demanding US$50M in Accenture security breach: cyber firm – Security
The hacker group behind a ransomware attack on global solution provider giant Accenture has made a ransom demand for US$50 million, according to a cybersecurity firm that reports seeing the demand.
The threat actor is demanding the US$50 million in exchange for more than 6 TB of data, according to a tweet from Cyble, a dark web and cybercrime monitoring firm.
On Thursday, Accenture said it did not have any updates to its statement—and referred CRN to a statement provided on Wednesday saying that it “contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.”
In the attack disclosed on Wednesday, the hacker group reportedly used LockBit ransomware to target Accenture. LockBit, according to New Zealand-based cybersecurity company Emisisoft, is a strain of ransomware that prevents users from accessing infected systems until a ransom payment is made.
The incident follows the July attack on Kaseya by ransomware operator REvil, which included a US$70 million demand to decrypt victim files. Kaseya later said it obtained a REvil ransomware decryptor, but did not pay the ransom.
If a ransom demand to Accenture has in fact been made, one solution provider executive said he hopes Accenture refuses to pay it.
VX Underground, which claims to have the Internet’s largest collection of malware source code, on Wednesday tweeted a timer supposedly from the hacker group showing the amount of time before the attack on Accenture’s data would start. The time on the timer eventually passed.
However, on Wednesday, CNBC reported that the hackers behind the Accenture attack did end up publishing more than 2,000 files to the dark web, including PowerPoint presentations and case studies.
VX-Underground tweeted that the LockBit ransomware group released 2,384 files for a brief time, but those files were inaccessible because of TOR domain outages probably due to the high traffic. The organisation said there is more to come as the LockBit attack clock was restarted with a new date of Aug. 12, 2021, 20:43 UTC, or 6:43 a.m. AEST Friday.
Accenture CEO Julie Sweet, talking with investors in June 2021 during the company’s fiscal third quarter call with analysts, said her company has a strong focus on security.
Accenture has seen double-digit growth which was driven by advisory, cyber defense and manage security services, Sweet said. With its recent acquisition of Novetta, which serves U.S. federal organisations, Accenture can scale and diversify across federal business, specifically in the national security sector, which Sweet said is experiencing substantial growth.
More than one third of all organisations globally have experienced a ransomware incident over the past 12 months, according to research firm IDC, which disclosed the findings from a new survey on ransomware attacks Thursday.