Business Continuity Management / Disaster Recovery , Cybercrime , Fraud Management & Cybercrime

Accenture Hit by Apparent Ransomware Attack

LockBit Takes Credit for the Incident on Its Darknet Website
Accenture Hit by Apparent Ransomware Attack
The note posted to LockBit's darknet website claiming responsibility for the Accenture attack

The consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident. The ransomware gang LockBit took credit for the attack.

See Also: Every Second Counts: 6-Step Ransomware Remediation Guide

Dublin, Ireland-based Accenture declined to give details on when the incident occurred, its duration or the attack type.

"Through our security controls and protocols, we identified irregular activity in one of our environments," the company said in a statement provided to Information Security Media Group. "We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup."

The company added: "There was no impact on Accenture's operations, or on our clients' systems."

LockBit posted on its darknet "wall of shame" extortion website that it had removed an unstated amount of data from Accenture, which it said it intends to sell or make public.

Kevin Beaumont, head of the security operations center for London-based fashion retail giant Arcadia Group, is reporting the gang has followed through on its threat and has published the files.


LockBit, which emerged in September 2019, was originally known as ABCD ransomware due to the .abcd extension it placed on encrypted files, according to a report from the threat research firm Emsisoft.

LockBit partnered with the Maze ransomware group in May 2020, and in August 2020, it began attacks on midsize U.S. companies, Interpol reported.

In June, LockBit launched the LockBit 2.0 ransomware-as-a-service operation and started an advertising campaign to recruit new affiliates, Emsisoft says.

Emsisoft says LockBit and its affiliates have been very active this year.

"There have been 9,955 submissions [about LockBit] to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files," Emsisoft says. "We estimate that only 25 percent of victims make a submission to ID Ransomware."

Accenture's Scope

Accenture, which posted $44 billion in revenue in fiscal 2020, has 569,000 employees.

This year, the company purchased the Paris-based managed security services provider Openminded and the Brazilian managed security service provider Real Protect.

Ransomware Rampage

The Accenture incident is the latest in a long line of ransomware incidents striking targets including fuel supplier Colonial Pipeline Co., meat supplier JBS and the remote management software firm Kaseya.

Colonial Pipeline was struck in May by the DarkSide ransomware gang, resulting in the company shuttering its East Coast operation, causing fuel shortages and closed gas stations. Colonial paid a $4.4 million ransom to DarkSide, but the FBI was able to recover about $2.3 million for the company.

JBS was hit by a ransomware attack on May 30, causing the Brazil-based food supplier to pay REvil's $11 million ransom demand. The payment seems to have been made not just for the promise of a decryption tool, but also a guarantee from REvil that it would not leak stolen data.

The attack on Kaseya happened in early July, when attackers affiliated with the REvil - aka Sodinokibi - ransomware operation used vulnerabilities to exploit Kaseya's VSA software used by MSPs, 60 of which were infected. Three weeks after the attack, the company obtained a decryptor key from an unnamed source and has been able to unlock its clients' data.

About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to, TheStreet and Mainstreet.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.