Consulting giant Accenture was attacked by ransomware threat actors on Wednesday, but the company said it contained the attack and did not lose any customer data.
Hackers operating the LockBit ransomware claimed Wednesday that they had infiltrated Accenture’s network and set a four-hour countdown. If Accenture failed to pay the ransom, the hackers said, the stolen data would be released. The hackers also said they wanted to sell the data, which made the threat of public disclosure in just four hours an odd decision.
By noon, however, the countdown was up and although some data was released, experts said there was little that cybercriminals would have found useful. At first glance, the disclosed data appear to be little more than corporate communication without customer data or sensitive information.
There could be good reason for this, as Accenture confirmed that while the intruders broke into one of its networks, they couldn’t infiltrate any of its more valuable databases or access customer information.
“Through our security controls and logs, we have detected irregular activity in one of our environments,” a spokesman for Accenture confirmed in a statement to SearchSecurity.
“We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from the backup. There was no impact on the operations of Accenture or on our customers’ systems.”
In short, Accenture called the hackers’ bluff. But several infosec researchers noticed that after about 2,300 files were released, the Accenture deadline clock was reset to Thursday, August 12th.
LockBit works on the same ransomware-as-a-service model as other popular ransomware families such as Maze, handing the actual work of infiltrating the network and deploying the malware to “affiliate” hackers in exchange for a cut of any eventual payment. This means that the people doing the actual infiltration work can range from skilled hackers to inexperienced “script kiddies” on any given day.
At one point, LockBit reportedly worked with other ransomware gangs to develop a “cartel” setup for ransomware operators.
While Accenture does not elaborate on the type of attack or the data stolen, the company appears confident that nothing of material value has been stolen from the consulting firm, and it appears they refused to pay the ransom.
This isn’t the first time Accenture has faced a data exposure. In 2017, the consulting firm was one of the companies that fell victim to a data exposure after improperly configuring the security settings on an AWS storage bucket, which exposed sensitive corporate data to the public.