The hacking group behind a ransomware attack on global solution provider powerhouse Accenture has demanded $50 million in ransom, according to the cybersecurity firm that saw the demand.
According to a tweet from Cyble, a dark web and cybercrime monitoring company, the threat actor is seeking $50 million in return for more than 6 TB of data.
On Thursday, Accenture responded that it had no additional information to add to its statement, pointing CRN to a statement issued on Wednesday that claimed it had “contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.”
The hacking group apparently used LockBit ransomware to target Accenture, which is ranked No. 1 on CRN’s Solution Provider 500 for 2021, in the attack revealed on Wednesday.
According to Emsisoft, a cybersecurity firm located in New Zealand, LockBit is a ransomware strain that stops users from accessing infected devices until a ransom payment is completed. The incident comes after a ransomware assault on Kaseya in July, which involved a $70 million ransom demand to decrypt victim files. Kaseya later stated that it had acquired a decryptor for the REvil ransomware, but it had not paid the ransom.
“At the end of the day, paying the ransom is never a good idea,” stated Douglas Grosfield, founder and CEO of Kitchener, Ontario-based Five Nines IT Solutions, in an interview with CRN.
“The majority of folks that do end up paying the ransom don’t necessarily get all of their data back. And what you do get back, you can’t trust. There could be a payload there—a ticking time bomb—that will make it easier for the perpetrators to get in again.”
He stated that it is unsurprising for ransomware groups to target IT service companies such as Accenture. “The only surprise is that it took the bad guys this long to figure out that service providers are a pretty juicy target,” he added.
According to Grosfield, the Accenture incident serves as a reminder of the proverb, “physician, heal thyself,” meaning that IT service providers must verify that their own systems are safe before proposing security solutions to their clients.
Accenture claims to have contained the assault; however, this is a questionable assertion. The firm confirmed the ransomware assault in an emailed response to a request for information from CRN but stated it had no impact on the organization.
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems,” Accenture wrote.
However, a CNBC reporter said on Wednesday that the hackers behind the Accenture attack uploaded over 2,000 files to the dark web, including PowerPoint presentations and case studies.
On Wednesday, VX Underground, which claims to possess the Internet’s largest collection of malware source code, tweeted a timer allegedly from the hacking group, indicating the time remaining until the attack on Accenture’s data would begin. The timer ultimately ran out. The LockBit ransomware gang published 2,384 files for a short period, according to VX-Underground; however, those files were unavailable due to Tor domain issues, most likely due to excessive traffic.
The LockBit attack clock was restarted with a new date of Aug. 12, 2021, 20:43 UTC, or 4:43 p.m. ET Thursday, according to the group.
The Accenture incident is “a perfect example of the distinction between business resiliency and business continuity,” Ron Bradley, vice president of third-party risk management firm Shared Assessments, told Threatpost on Wednesday.
“This particular example with Accenture is interesting in the fact that it was a known/published vulnerability,” Bradley continued. “It highlights the importance of making sure systems are properly patched in a timely manner. The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward.”
According to Hitesh Sheth, president and CEO of cybersecurity firm Vectra, all organizations should expect such assaults, but especially a global consultancy firm with many links.
“First reports suggest Accenture had data backup protocols in place and moved quickly to isolate affected servers,” he told Threatpost on Wednesday. “It’s too soon for an outside observer to assess the damage. However, this is yet another reminder to businesses to scrutinize security standards at their vendors, partners, and providers. Every enterprise should expect attacks like this – perhaps especially a global consulting firm with links to so many other companies. It’s how you anticipate, plan for and recover from attacks that counts.”
LockBit encrypts files with AES encryption and generally demands a high-five-figure ransom to decrypt the data. LockBit’s procedures are mostly automated, allowing it to operate with little human monitoring once a victim has been hacked, according to Emsisoft. It may be used as the foundation for a ransomware-as-a-service business model, in which ransomware authors can utilize it in exchange for a share of the ransom payments.
Source: https://www.ehackingnews.com/2021/08/cyber-firm-ransomware-group-demanding.html