Cyber intrusions by LockBit 2.0 ransomware operators are increasing across the globe. The Australian Cyber Security Centre (ACSC) recently warned about the rise in LockBit 2.0 ransomware attacks in Australia. The latest company to fall victim to LockBit is Accenture.
The global IT consultancy giant admitted that it identified unusual activity in its network systems after a report claimed that attackers would leak the compromised files on the dark web. While Accenture didn’t reveal what kind of data has been affected, cyberthreat research firm Cyble stated that attackers compromised servers that hold over 6TB of information, and demanded a $50 million ransom to decrypt it.
Potential insider job? We know #LockBit #threatactor has been hiring corporate employees to gain access to their targets’ networks.#ransomware #cyber #cybersecurity #infosec #accenture pic.twitter.com/ZierqRVIjj
— Cyble (@AuCyble) August 11, 2021
While multiple reports claimed that LockBit operators got hold of Accenture’s sensitive data, the company clarified that it’s not impacted by the security incident and restored its systems, retrieving data from backups.
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup, and there was no impact on Accenture’s operations or our clients’ systems,” Accenture said in a statement.
LockBit 2.0 Ransomware
LockBit 2.0 is the latest variant from LockBit and ABCD ransomware groups. The LockBit gang operates as a ransomware-as-a-service (RaaS) model appointing affiliates and malicious insiders to carry out intrusion activities. It is found that the LockBit group has been working on Russian-language cybercrime forums since January 2020. Attackers have been advertising its latest version, LockBit 2.0 ransomware, with built-in information stealing feature dubbed StealBit.
What Experts Say…
Commenting on the security incident, Dirk Schrader, Global VP of Netwrix, told CISO MAG, “This form of ransomware attack will become even more dominant in the future; companies are getting less likely to pay a ransom for any decryptor, and their preparation for an encryption attack is also getting better. Threatening to release confidential customer data as the blackmailing tactic of choice plays too many aspects in areas like lawsuits related to breach of contract confidentiality, loss of customer confidence or reputation.”
“Accenture’s own slogan ‘Make every part of your business more resilient’ should ring loud in their halls. Being cyber resilient does not necessarily mean that a company won’t get breached, but it means that – should it happen – the company learns from the event to become better. Accenture can do more in this by sharing as much detail about the attack as possible.”