Image By: Ronnie Overgoor on Unsplash

According to a cybersecurity firm that saw the demand, the hacking group behind a ransomware attack on global solution provider giant Accenture has demanded $50 million in ransom.

According to a tweet from Cyble, a dark web and cybercrime monitoring organisation, the threat actor is asking $50 million in exchange for more than 6 TB of data.


Accenture said it had no new information to add to its statement on Thursday, referring CRN to a statement issued on Wednesday that said it had "contained the incident and isolated the affected servers" and that "there was no impact on Accenture's operations, or on our clients' systems."

The cyber organisation allegedly used LockBit ransomware to target Accenture, which is ranked No. 1 on CRN's Solution Provider 500 for 2021, in the attack revealed on Wednesday. According to Emsisoft, a cybersecurity firm based in New Zealand, LockBit is a ransomware strain that blocks users from accessing infected devices until a ransom payment is completed.

The incident comes after a ransomware attack on Kaseya in July, which featured a $70 million demand to decrypt victim files. Kaseya later stated that it had gotten a decryptor for the REvil ransomware, but that it had not paid the ransom. 

If a ransom demand has been made on Accenture, one solution supplier CEO expressed his hope that Accenture will refuse to pay it.

Image By: Michael Gray

“At the end of the day, paying the ransom is never a good idea,” In an interview with CRN, Douglas Grosfield, the founder and CEO of Five Nines IT Solutions in Kitchener, Ontario, remarked. “The majority of folks that do end up paying the ransom don’t necessarily get all of their data back. And what you do get back, you can’t trust. There could be a payload there—a ticking time bomb—that will make it easier for the perpetrators to get in again.”

Finally, Grosfield stated that ransomware organisations targeting IT service companies such as Accenture is "unsurprising."

“The only surprise is that it took the bad guys this long to figure out that service providers are a pretty juicy target,” he added.

According to Grosfield, the Accenture event serves as a reminder of the dictum "physician, heal thyself," which states that IT service providers must ensure that their own systems are secure in order to prescribe security solutions to their own customers.

“If you’re not well protected, then you’re not well positioned to be able to protect others,” he said.

Accenture noted in a statement released on Wednesday that “through our security controls and protocols, we identified irregular activity in one of our environments.” Following the ransomware incident's containment and isolation of impacted servers, “we fully restored our affected servers from back up,” Accenture said.

On Wednesday, VX Underground, which claims to hold the Internet's largest collection of malware source code, tweeted a timer allegedly from the hacker organisation, indicating how long until the attack on Accenture's data would begin. The timer's timer eventually ran out.

However, a CNBC reporter said on Wednesday that the hackers behind the Accenture breach uploaded over 2,000 files to the dark web, including PowerPoint presentations and case studies.

The LockBit ransomware organisation published 2,384 files for a short time, according to VX-Underground, although those files were inaccessible owing to Tor domain disruptions, most likely due to overwhelming traffic. The LockBit attack clock was restarted with a new date of Aug. 12, 2021, 20:43 UTC, or 4:43 p.m. ET Thursday, according to the organisation.

Accenture CEO Julie Sweet stated during the business's fiscal third-quarter call with analysts in June 2021 that her organisation places a great emphasis on security.

Accenture has experienced double-digit growth, thanks to consulting, cyber protection, and managed security services, according to Sweet. Accenture can scale and diversify across government business, particularly in the national security sector, which Sweet said is enjoying significant growth, thanks to its recent acquisition of Novetta, which services U.S. federal institutions.

According to IDC, which released the results of a new poll on ransomware attacks on Thursday, more than a third of all firms worldwide had suffered a ransomware event in the last 12 months.

(Source: CRN)