wordpress blog stats
Connect with us

Hi, what are you looking for?

Accenture becomes latest victim of a ransomware attack, but says no disruption to operations

The cyberattack against Accenture was done using LockBit which is a strain of ransomware that has been highly active since 2019, a timeline reveals. 

A LockBit hacker group accessed proprietary data of IT consulting firm Accenture in a ransomware attack on Wednesday, according to a tweet by VX Underground. The group, in its post, said: “These people (Accenture) are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases, reach us.” It is not yet known whether a ransom had been paid or not by the company. 

Why it matters? Ransomware attacks rose by 93 percent in the first six months of 2021 according to a report by Check Point. The cybersecurity firm also pointed out that the number of attacks is expected to increase despite interventions by law enforcement. The pandemic has fuelled rapid digitalisation worldwide causing cybersecurity attacks to rise in tandem. It is to be noted that in many of these attacks, ransoms are being paid by the afflicted companies which in turn encourages more criminals to go down the route in order to get rich quickly.  

Advertisement. Scroll to continue reading.

Details of the attack on Accenture

VX Underground, a database of malware source codes, had posted a countdown of four hours along with its tweet indicating the time at which the group will release the data.  Once the countdown was over, hackers published nearly 2,400 files such as powerpoints, case studies, quotes, etc. according to a tweet by CNBC journalist Eamon Javers.

These files remained inaccessible due to TOR domain outages, presumably due to high traffic, VX Underground wrote in another tweet. It also added: “Lockbit has rolled back the clock – stating data will be re-released 12 Aug, 2021 20:43 UTC.” 

In a statement to CRN, Accenture said that the attack had no impact on its operations or on its clients’ systems

Advertisement. Scroll to continue reading.

“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from backup. There was no impact on Accenture’s operations, or on our clients’ systems,” the company was quoted as saying.

History of LockBit ransomware

LockBit is a strain designed to block user access to computer systems in exchange for a ransom payment, as per Kaspersky’s website. “LockBit will automatically vet for valuable targets, spread the infection, and encrypt all accessible computer systems on a network,” the website explained.

Antivirus software company Emsisoft’s blog post provides a timeline of LockBit’s activities in the last two years:

September 2019: LockBit makes its first appearance. 

May 2020: LockBit partners with Maze ransomware developers to exchange tactics and resources, with LockBit using Maze’s leak site to publish stolen files. It was referred to as the ransomware cartel

September 2020: LockBit launches its own leak site. 

August 2020: INTERPOL warns of a spike in LockBit attacks on medium-sized companies in the Americas as part of its Cybercrime: Covid-19 Impact report

Advertisement. Scroll to continue reading.

October 2020: Press Trust of India is the target of a LockBit attack. The incident causes disruptions to its operations. No ransom was paid and IT teams were able to restore the affected systems overnight.

April 2021: UK rail network Merseyrail is hit by LockBit according to a report by Bleeping Computer. The hackers infiltrated a director’s Office 365 email account and informed the employees of the attack.

June 2021: LockBit launches LockBit 2.0 along with an advertising campaign to recruit new affiliates.

The blog post said that 9,955 LockBit submissions have been recorded by ID Ransomware to date.  ID Ransomware is an online tool that helps victims of ransomware identify which ransomware has encrypted their files. Only 25 percent of total attacks are reported to ID Ransomware, the post added.

Major ransomware attacks in 2021

  • Colonial Pipeline Co. was a victim of a ransomware attack in May this year. The attack caused widespread disruptions to fuel supply in the U.S. East Coast. The company ended up paying a $4.4 million ransom in Bitcoin. The DarkSide ransomware gang was identified as the culprit behind the attack.
  • JBS USA disclosed that it was targetted by the REvil ransomware group days after the Colonial Pipeline attack. The world’s largest beef producer had to shut down operations and it ended up paying a ransom of $11 million
  • Acer was infiltrated by the REvil ransomware group which demanded a payout of $50 million in March. The Taiwan-based PC manufacturer did not confirm whether it had been hit by the attack. Moreover, it’s not clear if Acer complied with the demand.
  • Gigabyte was also hit by a ransomware attack by the RansomEXX ransomware gang recently. The Taiwanese motherboard maker has been asked to pay up or the gang will publish 112GB of stolen data. 
  • Kaseya, an IT solutions developer for MSPs and enterprise clients, confirmed that it had been the victim of a cyberattack last month. REvil is said to be behind the attack which ended up affecting 2,000 firms across the world. Kaseya obtained the decryption key but refused to confirm how it was obtained. It further declined to comment on whether a ransom had been paid.

Also read:

Have something to add? Subscribe to MediaNama and post your comment

Advertisement. Scroll to continue reading.
Written By

I cover several beats such as Crypto, Telecom, and OTT at MediaNama. I can be found loitering at my local theatre when I am off work consuming movies by the dozen.

MediaNama’s mission is to help build a digital ecosystem which is open, fair, global and competitive.



Due to the scale of regulatory and technical challenges, transparency reporting under the IT Rules has gotten off to a rocky start.


Here are possible reasons why Indians are not generating significant IAP revenues despite our download share crossing 30%.


This article addresses the legal and practical ambiguities in understanding the complex crypto ecosystem in India.


It is widely argued that the PDP Bill report seeks to discard the intermediary status of social media platforms but that may not be...


Looking at the definition of health data, it is difficult to verify whether health IDs are covered by the Bill.

You May Also Like


Google has released a Google Travel Trends Report which states that branded budget hotel search queries grew 179% year over year (YOY) in India, in...


135 job openings in over 60 companies are listed at our free Digital and Mobile Job Board: If you’re looking for a job, or...


Rajesh Kumar* doesn’t have many enemies in life. But, Uber, for which he drives a cab everyday, is starting to look like one, he...


By Aroon Deep and Aditya Chunduru You’re reading it here first: Twitter has complied with government requests to censor 52 tweets that mostly criticised...

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ