A well-known consulting firm, Accenture, has fallen prey to a ransomware attack by the infamous Lockbit group. The Lockbit ransomware attack, infamously called Lockbit 2.0, has resulted in a data leak of Accenture’s encrypted data, which is currently under the duress of the hacker gang.
Lockbit is blackmailing Accenture that it will publish the data if the ransom amount is not paid. Moreover, Lockbit has publicly put this extortion on their website.
An Accenture spokesperson said the following: “Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.”
The alert for this Lockbit ransomware attack actually came from the ‘land down under’. It was the Australian Cyber Security Centre (ACSC) which caught wind of the Lockbit group’s activities in Australia.
Here is a snipper from the ACSC alert: “The ACSC has received reporting from several Australian organizations that have been impacted by LockBit 2.0 ransomware. This activity has occurred across multiple industry sectors.”
The alert further explains: “Victims have received demands for ransom payments. In addition to data encryption, victims have received threats that data stolen during the incidents will be published.”
Why is the Lockbit Ransomware Attack Dangerous
Lockbit 2.0 is a fairly recent – in fact, the latest – version of ransomware. It stacks a lot of additional features on top of traditional ransomware.
Because the hackers behind Lockbit are finding it difficult to advertise their new strain of ransomware openly in hacker forums (the posts were being promptly taken down), they have now become public on various versions of their website.
Among the content that the hackers have published on Lockbit 2.0, is a highly dangerous ability of the ransomware to encrypt Windows domains by using group policies.
Upon corrupting a system, the Lockbit ransomware creates new group policies with different privilges, and then injects them into all devices connected to the infected system. These policies are able to bypass antivirus and other security mechanisms in place to unleash the ransomware’s encryptions.
Moreover, after the user has been locked out of all system, the ransomware goes an additional step to print out the ransomware threat by sending the ransom note to print via all printers connected to the infected systems. This adds an additional layer of dread as you can imagine a person by his desk, suddenly locked out of his system, as an ominous note slides out of their printer.
And of course, like typical ransomware, Lockbit 2.0 also sets the ransom note as the machine’s wallpaper, along with a pointer to a text file with the terms of payment.
Accenture’s response to the Lockbit Ransomware Attack
When reports of the attack became public, Accenture had not openly confirmed the details of the ransomware attack. However, as things cooled down, Accenture was saying that it had no impact on Accenture’s business. Thankfully, the malware hasn’t spread to Accenture’s clients yet.
However, 2,500 systems of Accenture employees and partners fell prey.
A ransomware attack can be draining experience. Not only does it cause a dent in the company’s financial, it also causes anxiety among team members because of the hackers’ antics (like the element of the printer). Not to mention business interruptions if the ransomware spreads rapidly to all systems of the organisation.
We at Logix have combined resources for businesses on preventing ransomware once and for all.
Logix Cloud Email ATP is equipped to handle ransomware.
For more security resources, visit the Logix Blog.