Consulting Firm Gets RANSOM Demand After “Top Secret’ Data Stolen

(RoyalPatriot.com )- Last Wednesday, the global IT consultancy firm Accenture was allegedly breached by a cyber threat using a strain of ransomware known as LockBit.

LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies. Once a domain is infected, new group policies are created by the malware and sent to devices linked to the network which disable the antivirus security and implement the malware.

The attackers claimed to have stolen over six terabytes of Accenture’s data and demanded $50 million to return it. The LockBit operators claimed to have gained access to the Accenture network and were preparing to leak the stolen files at 17:30:00 GMT on August 11.

The LockBit operators never provided any proof that any information was stolen, though they did claim that they were willing to sell it to any interested parties.

On the day of the attack, Accenture released a statement saying that they identified “irregular activity” in one of their environments. They immediately contained the breach and isolated the affected servers. Accenture said they restoring their systems using backups and the breach posed no impact on their operations or their clients’ systems.

By Thursday, Reuters reported that Accenture said that their systems were fully restored.

Who exactly was behind the breach is unclear. Some say that preliminary evidence suggests that the hackers may have had help from inside Accenture. When the breach was announced, whoever conducted it posted a message to the LockBit website saying “These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases reach us.”

The deadline to pay the ransom has come and gone, and it has not been reported that Accenture paid the $50 million demanded. However, that doesn’t necessarily mean that no ransom was paid. Accenture could have paid the ransom, but did not publicly acknowledge doing so.

Thus far, the threatened release of data has not occurred either.