Accenture LockBit Attack Reconfirms Ransomware is Running Rampant

Ransomware attacks are increasing in number and intensity every passing week, and global IT consultancy giant Accenture has become the latest company to be hit by the LockBit ransomware, according to the cyber criminal group’s website.

Accenture’s clients include 91 of the Fortune Global 100 and more than three-quarters of the Fortune Global 500, including e-commerce giant Alibaba, Cisco and Google. Valued at $44.3 billion, Accenture is one of the world’s largest tech consultancy firms, and employs around 569,000 people across 50 countries.

In a post on its Dark Web site, LockBit offered up Accenture databases for sale, taking a jibe at Accenture’s ‘pathetic security’. Accenture’s encrypted files will be published by the group on the dark web unless the company pays the ransom, LockBit claims, according to screenshots of the ransomware group’s website.

The LockBit ransomware gang first emerged in September 2019 and in June 2021 launched LockBit 2.0 along with an advertising campaign to recruit new partners. Some of LockBit’s past victims include the Press Trust of India and Merseyrail.

On Twitter, researchers from cybersecurity firm Cyble noted that the LockBit group has a known history of “hiring corporate employees to gain access to targets’ networks.”

Impact or ‘no impact’?

Reports show that Accenture has given little weight to the attack, with the company saying that it has had “no impact” on the business.

In a statement provided to news site CNN, an Accenture spokesperson said, “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”

“Victims have received demands for ransom payments. In addition to data encryption, victims have received threats that data stolen during the incidents will be published.”

However, the ransomware group is still threatening to release the alleged stolen information. The hackers reportedly published over 2,000 files to the Dark Web, including PowerPoint presentations, case studies, quotes, and so on.

This is not the first time Accenture has had to deal with a data exposure. Back in 2017, the company, alongside several others, fell victim to a data exposure after it failed to properly set security settings on an AWS storage bucket, leaving sensitive corporate data exposed to the general public.

In recent years, however, Accenture has invested heavily in security. In the last 12 months, it is acquired over 40 companies, several of them are security-focused companies, including Novetta, Sentor, the Symantec Cyber Security Services Unit of Broadcom, Redcore and FusionX, to name a few.

While these security expertise can work in favor of the company, Darren Guccione, CEO and Co-Founder of Keeper Security believes that falling victim to a ransomware attack involves not just the financial damage or how soon the problem was mitigated; rather there’s a reputational damage, which is often disastrous.

Keeper Security’s 2021 Ransomware Impact Report states that over two-thirds of the respondents permanently lost login credentials or important documents as a result, indicating that the best time to install significant security updates is way before the incident and now as an afterthought.

In Accenture’s case too, we need to wait for the details to know what exactly was the impact, if any. But there are certain areas that need immediate attention, as Jaydeep Ruparelia, Co-Founder & CEO of Global Managed Security Services company, Infopercept Consulting says, “The companies that are working with Accenture should be on high alert considering this attack and should work on threat hunting which is identifying the unusual activities in their networks and systems.”

2021, a year of high-profile Ransomware attacks

 The Accenture incident is the latest in a long line of ransomware incidents striking targets including fuel supplier Colonial Pipeline Co., meat supplier JBS and the IT software firm Kaseya.

Colonial Pipeline was struck in May by the DarkSide ransomware gang, resulting in the company shuttering its East Coast operation, causing fuel shortages and closed gas stations. Colonial paid a $4.4 million ransom to DarkSide, but the FBI was able to recover about $2.3 million for the company.

JBS was hit by a ransomware attack on May 30, causing the Brazil-based food supplier to pay REvil’s $11 million ransom demand. The payment seems to have been made not just for the promise of a decryption tool, but also a guarantee from REvil that it would not leak stolen data.

The attack on Kaseya happened in early July, when attackers affiliated with the Russian group REvil, which experts believe is a catastrophic combination of notorious cyber attack trends, supply chain attacks and ransomware. Three weeks after the attack, the company obtained a decryptor key from an unnamed source and has been able to unlock its clients’ data.

More recently, Saudi Aramco, the world’s most valuable oil producer that confirmed the leaked data from the company files has been used in a cyber-extortion in which hackers demanded a $50 million ransom.

Ransomware attacks to proliferate

According to SonicWall Cyber Threat Report, in the first half of 2021, ransomware attacks skyrocketed, eclipsing the entire volume for 2020 in only six months. With high-profile attacks against established technology and infrastructure, ransomware is now more prevalent than ever. Through the first half of 2021, it recorded global ransomware volume of 304.7 million, a 150% over last year.

“The continued rise of ransomware, cryptojacking and other unique forms of malware targeted at monetization, along with their evolution of tactics, are evidence that cybercriminal activity always follows the money and rapidly adapts to new opportunities and changing environments,” SonicWall Vice President of Platform Architecture Dmitriy Ayrapetov says.

A recent Check Point Research also points to newer techniques such as ‘Triple Extortion’ ransomware technique in which, besides to stealing sensitive data from organizations and threatening to release it publicly unless a payment is made, attackers are now targeting organizations’ customers and/or business partners and demanding ransom from them too.

Maya Horowitz, VP Research at Check Point Software believes as ransomware attacks will continue to proliferate in the coming months, organizations should be aware of the risks and ensure that they have the appropriate solutions in place to prevent, without disrupting the normal business flow, the majority of attacks including the most advanced ones.”

Ruperelia states that adversaries usually take time to launch cyberattacks post their entry and this is the time that companies can utilize to hunt for threats and neutralize them. He gives the example of moving Target Defense and Deception are the two of the most recent technologies that can help organizations to carry on detection of compromise in their systems.

With the threat landscape becoming complex, experts believe that these attacks should act as wake-up calls for other global companies in order to guard their turfs.