Accenture says it has mitigated a LockBit ransomware attack and that the attack did not impact internal or customer systems. But unconfirmed third-party reports suggest hackers could be demanding a ransomware payment from the global IT consulting firm.
Here's a timeline tracking the LockBit attack, Accenture's statement, and third-party items:
- Thursday, August 12, 2021: Accenture said it did not have any updates to its initial statement. Source: SecurityHQ, August 12, 2021.
- Wednesday, August 11, 2021, 1:03 p.m.: Accenture said it has fully restored certain affected systems, after a CNBC reporter tweeted of a hacker group saying it attacked the IT consulting firm using LockBit ransomware and threatened to release the data in several hours. Accenture said there was no impact to operations or customer systems. Source: Reuters, August 11, 2021.
- Wednesday, August 11, 2021, 7:41 a.m: Cyber risk intelligence startup Cyble says the LockBit threat actors have "alleged to gain databases of over 6TB and demanding $50M as a ransom. They also alleged that it's an insider job, by someone who is still employed there (unlikely though)."
More Updates: Keep checking this blog for potential updates to the story.
How Does LockBit Ransomware Work?
Security HQ, a global MSSP, describes LockBit ransomware attack traits in this blog:
"LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies. Once a domain is infected, new group policies are generated by the malware and sent to devices linked to the network. Here, the policies disable the antivirus security, and implement the malware. LockBit ransomware was first observed in September 2019, since then the malware has become significantly advanced, and once ransomware ads were barred on hacking forums, a new leak site was organized to showcase their latest variant, this being LockBit 2.0."
