The hacker group behind a ransomware attack on global solution provider giant Accenture has made a ransom demand for $50 million, according to a cybersecurity firm that reports seeing the demand. The threat actor is demanding the $50 million in exchange for more than 6 TB of data, according to a tweet from Cyble, a dark web and cybercrime monitoring firm.
Accenture said it did not have any updates to its statement—and referred CRN to a statement saying that it “contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.”
In the attack the hacker group reportedly used LockBit ransomware to target Accenture, which is No. 1 on CRN’s Solution Provider 500 for 2021. LockBit, according to New Zealand-based cybersecurity company Emsisoft, is a strain of ransomware that prevents users from accessing infected systems until a ransom payment is made.
The incident follows the July attack on Kaseya by ransomware operator REvil, which included a $70 million demand to decrypt victim files. Kaseya later said it obtained a REvil ransomware decryptor, but did not pay the ransom. If a ransom demand to Accenture has in fact been made, one solution provider executive said he hopes Accenture refuses to pay it.
“At the end of the day, paying the ransom is never a good idea,” said Douglas Grosfield, founder and CEO of Kitchener, Ontario-based Five Nines IT Solutions, in an interview with CRN. “The majority of folks that do end up paying the ransom don’t necessarily get all of their data back. And what you do get back, you can’t trust. There could be a payload there—a ticking time bomb—that will make it easier for the perpetrators to get in again.”
Ultimately, Grosfield said it’s “no surprise” to see ransomware groups going after IT service providers such as Accenture.
“The only surprise is that it took the bad guys this long to figure out that service providers are a pretty juicy target,” he said. Accenture CEO Julie Sweet, talking with investors in June 2021 during the company’s fiscal third quarter call with analysts, said her company has a strong focus on security.
Accenture has seen double-digit growth which was driven by advisory, cyber defense and managed security services, Sweet said. With its recent acquisition of Novetta, which serves U.S. federal organizations, Accenture can scale and diversify across federal business, specifically in the national security sector, which Sweet said is experiencing substantial growth.
