NEW DELHI: Accenture was breached by cybercriminals in an apparent ransomware attack, but the global consulting firm says the incident was quickly contained and had no impact on it or its systems.
The LockBit ransomware gang announced the attack on its dark web leak site Tuesday night, setting a payment deadline of Thursday evening.
Accenture claimed it “discovered abnormal behaviour in one of our environments” and “quickly controlled the situation and isolated the affected servers.”
It made no mention of when the incident occurred, nor did it admit that it was caused by ransomware. However, the description of its response matched that of ransomware.
It stated that it had “completely restored our affected systems from backup.” There was no impact on Accenture’s operations or the systems of our clients.”
The Dublin-based firm refused to reveal how many servers were compromised or whether data was stolen, or if so, how much and what kind of data.
The Associated Press received conversation photos from Atlanta-based cybersecurity intelligence firm Cyble, which said they were from Lockbit’s official communications channel. In them, the crooks claim to have stolen more than 6 terabytes of “top secret” data from Accenture and demanded $50 million in exchange.
Accenture declined to say what data, if any, was stolen by the crooks.
LockBit is a Russian-speaking ransomware group that does not target countries that were once part of the Soviet Union.
According to cybersecurity firm Emsisoft, it is one of the most effective ransomware strains. It has been active since September 2019 and has targeted thousands of businesses.
The Press Trust of India is one of the known victims. The major news agency in India was disabled for hours in October 2020, yet it survived the attack without paying a ransom.
LockBit allegedly attacked the UK rail network Merseyrail in April 2021.
Hackers allegedly gained access to a director’s email account and sent an email to staff and press stating that data had been stolen.