Several days after reportedly discovering the LockBit ransomware breach of its systems, Accenture released a cybersecurity report that included ransomware as a focus – but did not mention the attack on the IT consultancy.
Accenture released its latest “global incident response analysis” on August 4, which highlighted ransomware as one of the top current threats in cybersecurity.
According to a report from cybersecurity news site CyberScoop, Accenture had spotted the LockBit ransomware attack on its systems on July 30.
“It’s ironic, because they probably had a research group that put this paper together, and they probably didn’t even share it with the rest of their group. That’s my assumption,” said Richard Blech, CEO and founder of US-based encryption technology firm XSOC, in an interview with CRN US.
Overall though, Blech said he is “shocked” that Accenture did not disclose the LockBit ransomware attack itself, but only confirmed the breach on Thursday after a CNBC reporter tweeted about it.
“At least then they would’ve shown they wanted to be forthcoming and transparent,” Blech said.
In a statement Thursday, Accenture said that it had “immediately contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.” The statement did not reference when Accenture had originally learned of the ransomware attack.
The publicly traded IT consultancy discovered the breach nearly two weeks before publicly confirming the ransomware attack, according to CyberScoop, which cited an internal Accenture memo.
The documents stolen by hackers referenced a “small number” of clients, but “none of the information is of a highly sensitive nature,” the internal Accenture memo said, according to CyberScoop’s report.
Accenture declined to comment on CyberScoop’s report. The company did not respond to questions from CRN US about the release of its Aug. 4 security incident analysis in the wake of the reported LockBit ransomware attack.
Accenture’s report listed ransomware as one of the top three trends in cyber threats during the first half of 2021. Ransomware remained the biggest category of malware observed during that period, Accenture said in an Aug. 4 blog post about the incident analysis report.
“Ransomware is likely to remain one of the top threats to businesses globally,” Accenture said in the post. “If anything, it has entered a new phase as threat actors adopt stronger pressure tactics and capitalize on opportunistic intrusion vectors.”
Accenture reports that its client base includes 91 companies in the Fortune Global 100, along with more than three-quarters of the companies in the Fortune Global 500.
The hacker group behind the Accenture attack – which is known as LockBit 2.0, according to CyberScoop and other media outlets – reportedly used LockBit ransomware to target Accenture’s systems. T
he group has demanded US$50 million from Accenture in exchange for 6 TB of data, according to Cyble, a dark web and cybercrime monitoring firm. Accenture has not confirmed the ransom demand.
LockBit encrypts files using AES encryption and prevents users from accessing infected systems until a ransom payment is made, according to New Zealand-based cybersecurity company Emsisoft. The LockBit ransomware uses processes that are largely automated, making it “one of the most efficient ransomware variants on the market,” Emsisoft wrote in a blog post.
In its statement Wednesday, Accenture said that “through our security controls and protocols, we identified irregular activity in one of our environments.” After containing the incident and isolating impacted servers, “we fully restored our affected servers from back up,” Accenture said.
VX-Underground, which claims to have the Internet’s largest collection of malware source code, tweeted that the LockBit ransomware group released 2,384 files for a brief time on Wednesday.
Blech said he fully expects that more will still come out about the scope and severity of the ransomware attack on Accenture.
“More details will be forthcoming over the coming weeks and months, and it’s almost certainly going to be worse than is stated now,” he said.
“With what they handle and who they deal with [at Accenture], I think it’s going to be quite serious. It’s just too much information. This was a big compromise. They can minimize it all they want, but that’s an awful lot of files.”
The attack on Accenture is the latest in a series of high-profile ransomware attacks, including the massive breach of IT management software firm Kaseya in July by ransomware operator REvil.
More than one-third of all organisations globally have experienced a ransomware incident over the past 12 months, according to a recent report from research firm IDC.Internet Explorer Channel Network