Accenture officials addressed a ransomware attack this week in which a cybercriminal ring using the LockBit malware claimed to have obtained data from the large global IT and business consulting firm and threatened to release it.
On August 11, a CNBC reporter said in a series of tweets that the group had offered to sell insider information from Accenture to interested parties and had posted a message on the dark web that was clearly disparaging the company, saying, “These people go beyond privacy and security. I really hope their service is better than what I’ve seen as an insider. If you’re interested in buying a database, please contact us.”
However, in a statement released to journalists, Accenture executives said: “We quickly contained the issue and quarantined the affected server. We have completely restored the affected server from backup. There was no impact on Accenture’s operations or client systems.”
Accenture is a big target
The company, which generated $44.3 billion in revenue during the 2020 fiscal year, has not detailed the ransomware-as-a-service (RaaS) attack, the number of systems affected, or whether it was an insider job. Cybercrime intelligence company Hudson Rock wrote on Twitter that the attack was found to have compromised 2,500 computers owned by Accenture and its partners.
According to security research firm Cyble, the hacker group has obtained 6 terabytes of data from Accenture and is demanding a $50 million ransom. There is no evidence of stolen data. Initially, the group posted a countdown clock on the dark web that expired on Tuesday, at which point the data was to be made publicly available.
But Cyble noted on Twitter that the release time had evidently been postponed to Wednesday.
There are still some questions that need to be answered, such as how a malicious attacker could break into Accenture’s system and when the attack took place. Accenture executives have not commented beyond the originally issued statement.
Justin Wray, director of operations and security at Core BTS, a managed service provider, told eSecurity Planet that it’s not surprising that Accenture is publishing very little information.
“This is not surprising, as it is not common for organizations to share details after ransomware or cyberattacks,” Wray said. “Given the rigorous reporting requirements for attacks related to certain types of data, we can learn a lot more, but the sequence of events is still in its infancy.”
Accenture is a giant with a wide reach around the world. The company has approximately 537,000 employees and 185 partners and has 6,000 customers in more than 120 countries.
The attack on the company highlights trends seen by experts in the cybercrime world, including the increased use of RaaS and growing attention from hackers on a small number of large targets, the category Accenture falls into.
A June report from McAfee, a cybersecurity company, found that malicious attackers are moving away from large-scale, multi-target ransomware attacks, which take heavy effort for small financial returns, and turning even more to RaaS, using ransomware customized to attack large companies. At the same time, McAfee researchers have seen increasing use, since around 2019, of leak sites, which cybercriminals use to publish data seized from businesses.
Leak sites are part of a larger strategy that hackers are using. Instead of using ransomware to encrypt corporate data and demand payment in exchange for a decryption key, many threats now include extortion: capturing the data and publishing it if the ransom is not paid.
In addition, over the past few years cybercriminals have increased their attacks on companies such as Accenture, which have a large number of clients and can be used as a way into those clients’ IT environments.
LockBit fills the vacuum
According to a blog post by cybersecurity vendor Cybereason, LockBit is a ring of malicious attackers similar to prominent cybercrime groups such as REvil and DarkSide, and it provides a platform that others can use. According to Cybereason, LockBit ransomware may be related to the LockerGoga and MegaCortex malware families, sharing techniques such as the ability to automatically propagate to other targets.
LockBit ransomware first appeared in 2019 and may be increasingly used to fill the gap left by the end of REvil and DarkSide operations. Cybercrime gangs are reportedly recruiting corporate insiders who can help compromise their networks using LockBit 2.0 ransomware, promising to pay them millions of dollars.
Impact on business
Responding to ransomware attacks is not easy and can have widespread consequences. According to a Cybereason report in June, 66% of the attacked companies experienced significant revenue losses and 53% said their brand and reputation were damaged. In addition, 26% said they had to close the business for a period of time, and 35% said they paid a ransom in the range of $350,000 to $1.4 million. For most businesses, paying the ransom could lead to another attack.
“A key element of ransomware recovery is getting encrypted data from a backup and restoring it, but that’s just the beginning,” said Wray of Core BTS. “If an attacker decides to retrieve and leak the data, restoring the data has no effect, nor does it solve the underlying problem.”
Accenture got backups right
It is important for the enterprise to “make sure the restore point is clean from all kinds of breaches and external access,” Wray said. “Backups don’t prevent data theft, so it’s important to ensure that attackers’ access is eliminated and that compromised systems aren’t returned to the environment. In addition, the security gaps compromised by the enemy need to be addressed.”
According to Hitesh Sheth, president and CEO of Vectra, a cybersecurity company that leverages artificial intelligence (AI) in its portfolio, Accenture officials appear to have done the right thing at first when they learned about the ransomware attack.
“The first report suggests that Accenture has implemented a data backup protocol and has made a rapid transition to isolate the affected servers,” Sheth told eSecurity Planet. “It’s too early for outside observers to assess damage, but this is another way to remind companies to scrutinize vendor, partner, and provider security standards. You need to anticipate attacks. Perhaps a global consulting firm that links to many other companies. The key is how to anticipate, plan, and recover from attacks.”
Howard Ting, CEO of Cyberhaven, a data detection and response platform maker, told eSecurity Planet that with the proliferation of data across supply chains, technology stacks, and partner ecosystems, it is becoming increasingly important for organizations to require vendors and suppliers to implement effective data security controls.
“Think about the extraordinary increase in internal threat risk associated with the adoption of SaaS [software-as-a-service] cloud services,” said Ting. “DPAs [data processing agreements] do more to mitigate legal and compliance risks than they do today’s actual data risks. Organizations need to ask vendors and service providers difficult, specific questions about how to protect their data.”