Accenture Pwned By Ransomware Attack… Attackers Leak Corporate Data

Fortune 500 company Accenture have fell victim to a ransomware attack. The company said that the incident did not impact its operations and has already restored affected systems from backups:

News of the attack became public earlier this morning when the company’s name was listed on the dark web blog of the LockBit ransomware cartel. The LockBit gang claimed it gained access to the company’s network and was preparing to leak files stolen from Accenture’s servers at 17:30:00 GMT. In an emailed statement, Accenture not only confirmed the attack but also greatly played down its impact. But while Accenture said the incident was quickly contained, this didn’t stop the hackers from threatening to leak files they stole from the company’s internal network.

But here’s the thing:

But while Accenture said the incident was quickly contained, this didn’t stop the hackers from threatening to leak files they stole from the company’s internal network.

Just before this article was published, the countdown timer on the LockBit gang’s leak site also reached zero. Following this event, the LockBit gang leaked Accenture’s files, which, following a cursory review, appeared to include brochures for Accenture products, employee training courses, and various marketing materials. No sensitive information appeared to be included in the leaked files.

That’s going to hurt.

Richard Blech, CEO and Founder, XSOC CORP had this comment on the attack:

     “It is certainly ironic that Accenture fell victim to a ransomware attack after reporting about ransomware threats just last week. With that said though, that is also the most concerning thing about this story: RaaS was on their radar, and they still fell victim to it. This tells us that they either didn’t take the proper preventative security measures to protect themselves from this type of attack or they are naïve to the fact that Lockbit could still leak more documents that could have more of an impact on a company. Moreover, a global company the size of Accenture, with 482,000 people in more than 120 countries, must have security access controls in place which should have protected against the ‘insider threat’.”

  “While Accenture claims there was little impact from this ransomware attack, we must take into consideration whether they’re downplaying this attack due to embarrassment or fear that it will tarnish the company’s image. Another possibility is, being a large billion-dollar company, perhaps they paid the ransom to try to mitigate the damage and sweep the story under the rug as quickly as possible to avoid hurting the business. “ 

  “Regardless of Accenture’s reasoning for downplaying this attack, it is simply an irresponsible thing to do. With the growing number, severity, and magnitude of cyberattacks across the globe right now, transparency from companies that do fall victim to these attacks is imperative. Certainly, since GDPR plays a role here, Accenture must be much more forthcoming as to the details of this breach. Transparency is the only way we can all learn from mistakes and therefore, take more advanced security measures and protocol to avoid even more breaches. “

My prediction is the fallout from this attack will be epic and won’t end well for Accenture.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: