In brief
- Ransomware attacks are big business.
- Hackers usually demand payment in Bitcoin to return control of a computer or network to its owner.
Accenture is a Fortune 500 IT consulting firm with half a million employees scattered across the globe. That is, it's just the sort of company that could lose not just billions in revenue from a prolonged ransomware attack but also credibility from other companies that rely on its cybersecurity expertise.
The firm is reporting it repelled just such an attack from hacker group Lockbit on Tuesday evening, but not before the hackers accessed some files purportedly belonging to the company. It began publishing them today.
The cyber criminal outfit had leaked an extortion message saying it would be publishing data stolen from the company within a few hours, unless, of course, Accenture wanted to buy the databases themselves. The message suggested that a company "insider" was responsible for the attack.
Accenture was not interested. According to a company statement, “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
Moreover, those affected servers are, according to Accenture, no longer affected: “We fully restored our affected systems from back up [sic]. There was no impact on Accenture’s operations, or on our clients’ systems.”
But Lockbit still went ahead and began publishing 2,384 files, indicating that Accenture likely made no attempt to purchase the stolen data. It's unclear how sensitive that data is.
Lockbit have started dumping data for Accenture.
Their portal is very slow and buggy, probably due to everybody downloading things (what a world).
The 2384 items also had subfolders with items below. pic.twitter.com/fnsd0XyGF2
— Kevin Beaumont (@GossiTheDog) August 11, 2021
Ransomware is simply software designed to lock users out of their computers or network until they hand over money, usually Bitcoin or another cryptocurrency. LockBit has been around since late 2019 and is known for using targeted attacks that can spread across networks without manual intervention, according to cybersecurity firm Kaspersky. Hackers may try to gain access via brute force methods that can crack weak passwords. The malware then steals data.
According to statistics from European ransomware support company BeforeCrypt, the average Lockbit ransom is about $33,000 in BTC, though that number can be much higher for companies with deep pockets.
Assuming no sensitive information has been linked, Accenture may have dodged a bullet. Ransomware payments in the first five months of the year cost companies $81 million, according to blockchain investigative firm Chainalysis, not counting the hundreds of hours in lost work hours.