The LockBit Ransomware gang have now targeted Accenture which is one of the major consultancy firms with over $40 billion revenue and more than 550,000 employees worldwide.
The gang has threatened the firm by leaking the stolen data online (ransomware double extortion) if the company is not willing to pay the required ransom.
It is believed that around 6 terabytes of data was stolen and a ransomware of $50 million was demanded. The gang claimed that they got into the Accenture’s network via an insider
Accenture confirmed that they immediately identified any unusual or suspicious activity and straightaway were able to isolate the infected systems form the network
No ransom was paid yet. Accenture confirmed that they have recovered the data from the backup and no unusual activity was witnessed on any other system.
LockBit ransomware, formerly known as ABCD ransomware made its first appearance in 2019 as it was being distributed by phishing emails and brute force attacks on exposed machines. Attacks involving the LockBit ransomware have been frequent and have been recorded to target organisations of medium to large size from many countries including United States, China, India, Indonesia, Ukraine, and various countries throughout Europe.
LockBit Ransomware use AES and RSA cryptography algorithms to encrypt all the target files. While LockBit is encrypting the files, it will also attempt to scans the whole target’s network and then tries to connect to the other machines via SMB port 445. Whenever it connects to another machine, it attempts to run a PowerShell script that downloads the LockBit malware onto another machine and therefore spreads the ransomware through the target’s network
© 2021 CyberEnsō – Nihon Cyber Defence Co., Ltd. All Rights Reserved.