Accenture has been hit by a LockBit 2.0 Ransomware Attack

Introduction

Ransomware is a form of malware that cyber criminals use to encrypt a victim’s files and then demand a payment, often in Bitcoin, in exchange for the decryption key. Ransom demands can reach millions of dollars.

Large firms with strategic cyber security architectures and infrastructure are not immune. Anticipating and planning for a ransomware attack is critical. Amidst a wave of attacks affecting major enterprises across the world and across the US, government officials have declared ransomware a national security threat.

Experts suggest that a ransomware attack may occur as often as every 11 seconds in 2021. US government agencies report that an average of 4,000 ransomware attacks have occurred per day across the past five years. Ransomware attacks have increased by more than 150% by volume, year-over-year, according to one report.

Accenture

Accenture, a global IT consultancy giant, has allegedly been hit by a ransomware attack from the LockBit ransomware gang.

Accenture is an IT giant known to serve a wide range of industries including automobiles, banks, government, technology, energy, telecoms, and many more.

Accenture provides management and technology consulting services to clients including e-commerce giant Alibaba, Cisco (CSCO.O) and Alphabet Inc’s (GOOGL.O) Google, according to its 2020 annual report.

Valued at $44.3 billion, Accenture is one of the world’s largest tech consultancy firms, with around 569,000 employees across 50 countries.

LockBit and Ransomware-as-a-Service

Experts first discovered the LockBit group in September of 2018. LockBit provides Ransomware-as-a-Service. In other words, they offer software that individual hackers can purchase and independently deploy.

LockBit’s ransomware is commonly a double-tap variant: the victim’s files are encrypted, and payment is also demanded in exchange for not releasing the stolen data.

Impact

A cybercrime intelligence firm called Hudson Rock reported on Twitter that about 2,500 computers of employees and partners were compromised in the attack while another research firm, Cyble.

Threat actors from the LockBit ransomware gang obtained over 6TB of Accenture databases and are demanding $50M in ransom.

Accenture confirmed the attack and responded that it is not ready to pay the ransom and that the affected systems had been recovered from a backup.

  • “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
  • “We fully restored our affected systems from back-up. There was no impact on Accenture’s operations, or on our clients’ systems,” Accenture said.

Remediation:

1) Isolation:- Prevent the infection from spreading by disconnecting the network cable, Wi-Fi, Bluetooth, and all external storage devices such as USB or external hard drives.

2) Ensure backups have not been compromised:- Check that the backup system is not infected by ransomware. Backup data should never be available in read/write mode.

3) Identification:- Investigate the type of ransomware you’re facing, how it entered your system, and how it spreads in order to seal the breach.

4) Try to remove the malware or recover from backup:- It is questionable whether or not you can successfully remove an infection. A strong backup strategy should allow you to restore from the most recent clean backup to avoid paying the ransom.

5) Engage your incident response team:- Notify the appropriate stakeholders to activate your business continuity plan.

6) Diagnose the scope of infection:- Quickly identify which files have been impacted and where they are located.

7) Recover quickly:- Restore your files to the most recent clean version of impacted data.

8) Alert the authorities:- Inform law enforcement, customers, and any other necessary authorities. This is highly dependent on your business and industry.
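
One way to carry out step 6 (diagnosing the scope of infection), shown as an added example rather than anything from Accenture or the original article: sweep a directory tree for files modified since the incident began whose contents have near-random byte entropy, which is typical of encrypted data. The function names, the 7.5 bits/byte threshold and the sample files are assumptions made for illustration.

```python
import math
import os
import tempfile
from collections import Counter

ENTROPY_THRESHOLD = 7.5   # assumed cut-off in bits/byte; tune per environment
SAMPLE_BYTES = 64 * 1024  # read only the head of each file to keep the sweep fast


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def scope_infection(root: str, incident_start: float) -> list:
    """Return (path, entropy) for files changed since incident_start that look encrypted."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                if os.path.islink(path) or os.stat(path).st_mtime < incident_start:
                    continue  # skip links and files untouched since the incident began
                with open(path, "rb") as fh:
                    entropy = shannon_entropy(fh.read(SAMPLE_BYTES))
            except OSError:
                continue  # unreadable or vanished file: leave for manual review
            if entropy >= ENTROPY_THRESHOLD:
                hits.append((path, round(entropy, 2)))
    return sorted(hits)


def demo() -> list:
    """Constructed sample tree: one plain-text file and one file of random bytes."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "report.txt"), "wb") as fh:
            fh.write(b"quarterly figures, plain text\n" * 500)
        with open(os.path.join(root, "ledger.xlsx"), "wb") as fh:
            fh.write(os.urandom(SAMPLE_BYTES))  # stands in for an encrypted file
        return [os.path.basename(p) for p, _e in scope_infection(root, 0.0)]


if __name__ == "__main__":
    print(demo())
```

Legitimately compressed formats (archives, images, office documents) also score high, so treat the hits as candidates to compare against the most recent clean backup rather than as a final list.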