[MART] - Daily Diary #325 - Accenture hit by LockBit 2.0

CTAS-MAT ctas-mat at appgate.com
Thu Aug 12 21:38:51 UTC 2021

I hope everyone is doing well!

Below is the entry for today.

08/12/2021 - Diary entry #325

In our Daily Diaries #315 and #319 we covered LockBit's new version and the new strategies employed by the cybercrime group to acquire new "affiliates" and targets. LockBit is a human-driven ransomware, mostly found in targeted attacks. This threat also applies the double-extortion model, stealing data before encrypting it, threatening to publish in their wall-of-shame in case the ransom is not paid.

This week Accenture, a global IT consulting Giant, was hit by LockBit. According to Accenture, "Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers, [...] We fully restored our affected systems from backup, and there was no impact on Accenture’s operations, or on our clients' systems.". It's not clear yet if any client's data was stolen during the attack.

Our team has access to LockBit 2.0 wall-of-shame website. Since this week LockBit's displays a tab for Accenture, claiming responsibility for the attack and inviting anyone interested in buying Accenture databases to reach them. The attackers also mock Accenture security, claiming that "These people are beyond privacy and security". LockBit displays for each target a countdown monitor, showing how much time the company has to negotiate a ransom payment. Accenture's countdown reached 0 today, August 12th, at 17:43 EST. Now, instead of the countdown, the page displays a message claiming that "All available data" is published, but no data can yet be downloaded. It's possible that LockBit's page is overloaded, due to how much this attack was advertised and the importancy of Accenture data, or that the attackers are yet uploading the exfiltrated data.

Starting this week, LockBit 2.0 is monitored by our team's Ransom Tracker. Covered in several of our Daily Diaries, this tool periodically access currently active Ransomware wall-of-shame websites, alerting us whenever a new target is posted. This update also adds three other ransomware pages to our tracker.

Kind Regards,


[https://d3aafpijpsak2t.cloudfront.net/images/Signature/likedin@2x.png]<https://www.linkedin.com/company/appgate-security/>     [https://d3aafpijpsak2t.cloudfront.net/images/Signature/twitter@2x.png] <https://twitter.com/AppgateSecurity>   [https://d3aafpijpsak2t.cloudfront.net/images/Signature/youtube@2x.png] <https://www.youtube.com/channel/UC-8GvxcZbm-R3EJNl8jYjiQ>

Felipe Duarte Domingues
Security Researcher

E: felipe.duarte at appgate.com<mailto:felipe.duarte at appgate.com>
O: +55 19 98840 2509

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.immunityinc.com/pipermail/mart/attachments/20210812/5eb205c4/attachment.htm>

More information about the MART mailing list