Accenture, a global IT consultancy company, was a recent target of an alleged ransomware cyberattack from the LockBit ransomware group. As one of the world’s largest tech consulting companies that is valued at $44.3 billion, Accenture provides IT service to various industries including automobiles, banks, government, technology, energy, telecoms, and much more.

According to BleepingComputer, the threat actors are threatening to publish the stolen data if Accenture refuses to pay the ransom as seen below:

Even though there is no evidence of the stolen data, LockBit is attempting to sell said data to any interested parties. There are still no exact details on the cause of the breach, when the breach occurred, and the scope of the breach.

Accenture explained they used a backup to recover the affected systems. They also stated, “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back-up. There was no impact on Accenture’s operations, or on our clients’ systems.”

The LockBit threat actors are claiming they were able to access Accenture’s network from a company “insider” stealing six terabytes of data and are now demanding a $50 million ransom. It was confirmed by Accenture that the ransomware targeted a CTI vendor and they are notifying their affected customers.

 

Whether Lockbit was legitimately able to recruit an insider for access to Accenture’s network remains to be seen, but earlier this week, warnings were issued about their attempted recruiting of insider threats for millions in rewards if a breach proved successful.

Threat actors are always looking for creative ways to breach company networks. Understanding their motives is a quest in itself, but taking the proper steps to protect your organization and improve security posture removes the need for such understanding. Our team can investigate any suspicious activity and provide you with answers to properly assess the situation.

Our Security Operations Center provides companies 24/7 protection against constant threats. With our Security Operations Center as a Services, our team of certified engineers are constantly watching your network regardless of if the breach originated from within your business or if you want to increase security measures from outside threats.

Detecting threats early is vital for quick response. Our engineers working in tandem with ShadowSpear, our endpoint detection response tool, to block any threats from potentially harming your company.  ShadowSpear offers direct communication with our engineers as well as a customized dashboard tracking threats in real time.

If your company is experiencing a breach, call our Security Operations Center at 833.997.7327 to speak directly with an engineer.