Accenture has become the victim of a ransomware attack that reportedly affected 2,500 of the company’s computers as the perpetrators made off with stolen data – but the consulting services company maintains that the cyberattack had “no impact” on its operations.
Earlier this month, the LockBit ransomware gang posted Accenture’s name on its website and threatened to leak data it claims it stole from the company during its most recent attack. The gang also hinted that it managed to carry out the cyberattack with the help of an insider within Accenture.
“These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider,” a note on the LockBit website said. “If you’re interested in buying some databases reach us.”
Security firm Cyble reported that the LockBit gang was demanding a ransom payment of US$50 million for about 6 TB of stolen data.
Accenture later confirmed that it had sustained a ransomware attack, but stressed that the attack had little effect on its business.
"Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers," the company said in a statement to ZDNet.
"There was no impact on Accenture's operations or on our clients' systems."
Despite acknowledging that a cyberattack had occurred, Accenture has not revealed how the ransomware managed to infiltrate its systems, nor has it fully disclosed the extent of the malware’s effects. But a Twitter post from cybercrime intelligence firm Hudson Rock said that Accenture had 2,500 compromised computers, relating to both employees and partners, due to the attack.
Accenture also did not respond to inquiries as to whether an insider had really been involved with the cyberattack, or when the ransomware attack happened. Some cybersecurity experts have debated on whether there was even an insider involved, with one expert saying that every hacker is technically an “insider.”
News of the ransomware attack comes after Accenture published a new report, which found that for the first half of 2021, the volume of cyber intrusion activity climbed to 125% compared to H1 2020.