Ransomware gang demands $50 million ransom from Accenture

Byte-size Bulletin by Rachael Brown in Ransomware, Security, News on Sep 10, 2021

My Post-2

Ransomware gangs are more notorious than ever, attacking major infrastructure, institutions and businesses across the world. 

The latest victim is Accenture, a global solution provider who was ranked No. 1 on CRN’s 2021 top 500 solution providers. They are being extorted for $50 million by a ransomware gang in exchange for more than 6TB of data according to Cyble, a dark web and cyber crime monitoring firm.  

The ransomware gang responsible for this attack reportedly used LockBit ransomware to target Accenture. Lockbit was first discovered by experts in 2018 and is a group that provides ransomware-as-a-service, which individual hackers can purchase and independently use.  

The ransomware used implemented new group policies on every device within a network, which prevented antivirus protections from functioning and instead had them execute ransomware.  

The ransomware used was a double-tap variant that extracts data before locking the victim's system. Meaning that Accenture cannot just restore their lost data from backup, as the ransomware gang can extort them by threatening to publish the data they stole online. 

This strain appeared to have cloned a feature from Egregor ransomware, distributing a command to connected printers to repeatedly churn out copies of the ransom note.   

While Accenture has officially stated that there was no impact on their operations or client systems from this attack, there is evidence that their data has been published on the dark web.  

A CNBC reporter has claimed that the hackers behind the attack have published on the dark web more than 2,000 Accenture files, including PowerPoint presentations and case studies. 

VX Underground, an organisation that globally monitors cyber security events, tweeted that the LockBit ransomware group released 2,384 files for a brief time, but those files were inaccessible because of Tor domain outages probably due to the high traffic.  

If a ransom demand to Accenture has been made, one solution provider executive commented that he hopes Accenture refuses to pay it. 

“At the end of the day, paying the ransom is never a good idea,” argues CEO of IT provider Kitchener, Douglas Grosfield in a CRN interview. 

“The majority of folks that do end up paying the ransom don’t necessarily get all of their data back. And what you do get back, you can’t trust. There could be a payload there—a ticking time bomb—that will make it easier for the perpetrators to get in again.” 

More than one-third of all organisations globally have experienced a ransomware incident over the past 12 months, according to research firm IDC, which disclosed the findings from a new survey on ransomware attacks. 

This means now more than ever, as ransomware grows more sophisticated and attacks more common, businesses need to strive to ensure their data security. 

Image Credit: Adobe Stock 

Subscribe to our Bulletins





Free Download

Is IT a bottleneck to your company’s growth?

Discover how small business IT support can be a strong ally in making you more productive and competitive.

Download Ebook

bottlenecks