Accenture responds to LockBit ransomware attack

Consulting giant Accenture was breached by ransomware threat actors Wednesday, but the company said it contained the attack and no customer systems were affected.

Hackers operating the LockBit ransomware claimed on Wednesday to have infiltrated Accenture's network and set a four-hour countdown. Should Accenture fail to pay the ransom, the hackers said, the pilfered data would be released. Curiously, the hackers also said they were looking to sell the data, making the threat of a public release in just four hours a strange decision.

By midday, however, the countdown had come and gone, and while some data was released, experts said there was little in the way of anything that cybercriminals would have found useful. The data that was disclosed appeared, at first glance, to be little more than corporate communications absent of any customer data or sensitive information.

This might be for good reason, as Accenture confirmed that while the intruders, indeed, broke into one of its networks, they were unable to infiltrate any of its more valuable databases or access customer information.

"Through our security controls and protocols, we identified irregular activity in one of our environments," an Accenture spokesperson confirmed in a statement to SearchSecurity.

"We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture's operations or on our clients' systems."

In short, Accenture called the hackers' bluff. But several infosec researchers noted that following the release of approximately 2,300 files, the deadline clock for Accenture was reset for Thursday, Aug. 12.

LockBit operates on the same ransomware-as-a-service model as other popular ransomware families like Maze, farming the actual work of infiltrating the network and planting the malware out to "affiliate" hackers, in exchange for a cut of the eventual payment. This means on any given day, the people doing the actual infiltration work can range from experienced hackers to novice "script kiddies."

At one point, LockBit was said to be working with fellow ransomware gangs to develop a "cartel" setup for ransomware operators.

While Accenture is not elaborating on the nature of the attack or just what data was stolen, the company appears to be confident that nothing of considerable value was lifted; the consulting firm apparently refused to dole out any ransom payment.

This is not the first time Accenture has had to deal with a data exposure. Back in 2017, the consultancy was one of the parade of companies to fall victim to a data exposure after it failed to properly set security settings on an AWS storage bucket, leaving sensitive corporate data exposed to the general public.