Accenture on this Wednesday morning confirmed that it was hit by a ransomware attack, with a hacker group using the LockBit ransomware reportedly threatening to release the company’s data and sell insider information.
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems,” Accenture wrote.
Accenture is the most recent LockBit 2.0 ransomware victim.
While Accenture has confirmed the attack and maintained their position on no operational impact, they have neither confirmed nor denied the data leak.
Cyber researchers have gathered additional information on the case, which might further help you understand the threat and its potential impact.
TLP RED: Accenture Ransomware Attack - https://www.linkedin.com/smart-links/AQE1Qwz5SA3C8g
TLP RED: Sample Stolen Files (unconfirmed) - https://cyble-docs.docsend.com/view/4jmb5eac48rrv7fc
LockBit threat group has been active since late 2019. In the last 35 days, they have attacked over 89 organisations. Australia is ranked 3rd in their overall victims' list.
Over 50% of their victims are from the manufacturing, business services, and the financial services sector.
A known threat actor has shared Kaseya universal REvil decryption key on a cybercrime forum. The key is 'OgTD7co7NcYCoNj8NoYdPoR8nVFJBO5vs/kVkhelp2s=' : applicable to all victims of the Kasaya supply chain attack.