What happens when the expert consultant team that has been advising your organization on how to protect your firm from cyber threats becomes “front page news”? The consultancy Accenture, which offers cybersecurity services, confirmed Wednesday it had been hit by a cyber incident. The ransomware gang LockBit took credit for the attack. Dublin, Ireland-based Accenture declined to give details on when the incident occurred, its duration or the attack type.
For more information on LockBit and other ransomware actors, see: https://redskyalliance.org/xindustry/ransomware-trends
"Through our security controls and protocols, we identified irregular activity in one of our environments," the company said in a statement provided to Information Security Media Group. "We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup." The company added: "There was no impact on Accenture's operations, or on our clients' systems."
LockBit posted on its darknet "wall of shame" extortion website that it had removed an unstated amount of data from Accenture, which it said it intends to sell or make public. Kevin Beaumont, head of the security operations center for London-based fashion retail giant Arcadia Group, is reporting the gang has followed through on its threat and has published the files.
LockBit, which emerged in September 2019, was originally known as ABCD ransomware due to the .abcd extension it placed on encrypted files, according to a report from the threat research firm Emsisoft. LockBit partnered with the Maze ransomware group in May 2020, and in August 2020, it began attacks on midsize U.S. companies, Interpol reported. In June 2021, LockBit launched the LockBit 2.0 ransomware-as-a-service operation and started an advertising campaign to recruit new affiliates, Emsisoft says.
Emsisoft says LockBit and its affiliates have been very active this year. "There have been 9,955 submissions [about LockBit] to ID Ransomware, an online tool that helps the victims of ransomware identify which ransomware has encrypted their files," Emsisoft says. "We estimate that only 25 percent of victims make a submission to ID Ransomware."
Accenture, which posted $44 billion in revenue in fiscal 2020, has 569,000 employees. This year, the company purchased the Paris-based managed security services provider Openminded and the Brazilian managed security service provider Real Protect.
The Accenture incident is the latest in a long line of ransomware incidents striking targets including fuel supplier Colonial Pipeline Co., meat supplier JBS and the remote management software firm Kaseya.
See: https://redskyalliance.org/oillandgas/colonial-pipeline-company-hit
Colonial Pipeline was struck in May by the DarkSide ransomware gang, resulting in the company shuttering its East Coast operation, causing fuel shortages and closed gas stations. Colonial paid a $4.4 million ransom to DarkSide, but the FBI was able to recover about $2.3 million for the company.
JBS was hit by a ransomware attack on May 30, causing the Brazil-based food supplier to pay REvil's $11 million ransom demand. The payment seems to have been made not just for the promise of a decryption tool, but also a guarantee from REvil that it would not leak stolen data.
The attack on Kaseya happened in early July 2021, when attackers affiliated with the REvil (aka Sodinokibi) ransomware operation exploited vulnerabilities in Kaseya's VSA software, which is used by MSPs, 60 of which were infected. Three weeks after the attack, the company obtained a decryptor key from an unnamed source and has been able to unlock its clients' data.
The following is what Red Sky Alliance recommends:
- All data in transmission and at rest should be encrypted.
- Proper data back-up and off-site storage policies should be adopted and followed.
- Implement 2-factor authentication company-wide.
- For USA readers, join and become active in your local Infragard chapter; there is no charge for membership. infragard.org
- Update disaster recovery plans and emergency procedures with cyber threat recovery procedures. And test them.
- Institute cyber threat and phishing training for all employees, with testing and updating.
- Recommend/require cyber security software, services and devices to be used by all employees and consultants working from home.
- Review and update your cyber threat and information security policies and procedures. Make them a part of all emergency planning and training.
- Ensure that all software updates and patches are installed immediately.
- Enroll your company/organization in RedXray for daily notifications of cyber threats directed at your domains. RedXray service is $500 a month and provides threat intelligence on nine (9) cyber threat categories, including keyloggers, without having to connect to your network.
- Purchase annual cyber insurance coverage from Red Sky Alliance provided by Cysurance.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Weekly Cyber Intelligence Briefings:
• Reporting: https://www.redskyalliance.org/
• Website: https://www.wapacklabs.com/
• LinkedIn: https://www.linkedin.com/company/64265941
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516