Cybercriminals have breached Accenture in an apparent ransomware attack but the global consulting giant says the incident was immediately contained with no impact on it or its systems. The LockBit ransomware gang announced the attack Tuesday night on its dark web leak site, setting a deadline of Thursday evening for payment. Accenture said in a statement Wednesday that it had “identified irregular activity in one of our environments” and ”immediately contained the matter and isolated the affected servers.” It did not specify when the incident occurred — or acknowledge that it was ransomware. But the description of its response was consistent with ransomware. It said it had “fully restored our affected systems from back up. There was no impact on Accenture’s operations, or on our clients’ systems.” The Dublin-based company would not say how many servers were affected or whether data was stolen and, if so, how much and what kind.
The Atlanta-based cybersecurity intelligence firm Cyble shared with The Associated Press chat images that it said were from Lockbit’s official communications channel. In them, the criminals claim they stole more than 6 terabytes of “top secret” data from Accenture, for which they said they were demanding $50 million. Accenture would not comment on what data, if any, was exfiltrated by the criminals. LockBit is a Russian-speaking ransomware syndicate that does not target former Soviet countries. It is one of the most efficient ransomware variants around, according to the cybersecurity firm Emsisoft. Active since September 2019, it has attacked thousands of organizations. Among its known victims is the Press Trust of India. Hit in October 2020, the largest news agency in India was crippled for hours but survived the attack without paying the ransom.