Accenture Fights Off LockBit Ransomware Attack

The LockBit ransomware group reportedly launched a ransomware attack on professional services provider Accenture.

Accenture says there’s been no damage from the attack.

According to ZDNet, Accenture was listed on LockBit’s site next to a timer that was set to go off Wednesday. The group also included a note saying: “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.”

Accenture spokesperson Stacey Jones sent us the following statement:

Accenture’s Stacey Jones

“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”

Timely Patching Important

Ron Bradley is vice president of Shared Assessments, a security vendor.

Shared Assessments’ Ron Bradley

“This is a prime example of the difference between business resiliency and business continuity,” he said. “Business resiliency is like being in a boxing match. You take a body blow, but can continue the fight. Business continuity comes into play when operations have ceased or [are] severely impaired and you have to make major efforts to recover.”

This particular example with Accenture is interesting in the fact that it was a known/published vulnerability, Bradley said.

“The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward,” Bradley said.

How LockBit Operates

Tony Bradley is Cybereason‘s director of content marketing. He said LockBit uses a ransomware-as-a-service (RaaS) model.

“Similar to DarkSide and REvil, LockBit offers its ransomware platform for other entities or individuals to use based on an affiliate model,” he said. “Any ransom payments received from using LockBit are divided between the customer directing the attack and the LockBit gang.”

Related to the LockerGoga and MegaCortex malware families, LockBit shares common tactics, techniques and procedures with these malicious attacks. In particular, it can propagate automatically to new targets.

Moreover, LockBit continues to adapt and evolve, Bradley said.

“More recent variants have adopted the double extortion model — locating and exfiltrating valuable data before encrypting systems,” he said. “The stolen data provides additional incentive for victims to pay the ransom.”