Accenture downplays ransomware attack as LockBit gang leaks corporate data

Fortune 500 company Accenture has fell victim to a ransomware attack but said today the incident did not impact its operations and has already restored affected systems from backups.

News of the attack became public earlier this morning when the company's name was listed on the dark web blog of the LockBit ransomware cartel.

The LockBit gang claimed it gained access to the company's network and was preparing to leak files stolen from Accenture's servers at 17:30:00 GMT.


Image: The Record

In an emailed statement, Accenture not only confirmed the attack but also greatly played down its impact.

Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up. There was no impact on Accenture's operations, or on our clients' systems.

Accenture spokesperson

But while Accenture said the incident was quickly contained, this didn't stop the hackers from threatening to leak files they stole from the company's internal network.

Just before this article was published, the countdown timer on the LockBit gang's leak site also reached zero. Following this event, the LockBit gang leaked Accenture's files, which, following a cursory review, appeared to include brochures for Accenture products, employee training courses, and various marketing materials. No sensitive information appeared to be included in the leaked files.


Image: The Record

In the meantime, questions remain unanswered about the incident, with the biggest being how the LockBit gang managed to gain access to the network of one of the world's largest multinationals.

Earlier today on Twitter, several cybersecurity firms began speculating and sharing theories about the Accenture hack. None offered any evidence for their claims, including one that went as far as to speculate that the ransomware attack was the result of a malicious insider.

But while Accenture passed the incident as a mere scratch, the aftermath of this attack is expected to create at least some bad publicity for the company as a cyber-insurance provider.

However, Accenture wouldn't be the first cyber-insurance provider to suffer a ransomware attack, as something similar also happened to AXA Group earlier this year.

Last week, the ACSC, Australia's cybersecurity agency, had sent out an alert warning of a spike of activity from the LockBit gang.

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Catalin Cimpanu

Catalin Cimpanu

is a cybersecurity reporter who previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.