The hacking group behind a ransomware attack on global solution provider powerhouse Accenture has demanded $50 million in ransom, according to the cybersecurity firm that saw the demand.
According to a tweet from Cyble, a dark web and cybercrime monitoring company, the threat actor is seeking $50 million in return for more than 6 TB of data.
On Thursday, Accenture said it had no additional information to add, pointing CRN to a statement issued on Wednesday that claimed it had “contained the matter and isolated the affected servers” and that “there was no impact on Accenture’s operations, or on our clients’ systems.”
The hacking group apparently used LockBit ransomware to target Accenture, which is ranked No. 1 on CRN’s Solution Provider 500 for 2021, in the attack revealed on Wednesday.
According to Emsisoft, a cybersecurity firm located in New Zealand, LockBit is a ransomware strain that stops users from accessing infected devices until a ransom payment is completed. The incident follows a ransomware attack on Kaseya in July, which involved a $70 million ransom demand to decrypt victim files. Kaseya later stated that it had acquired a decryptor for the REvil ransomware, but it had not paid the ransom.
“At the end of the day, paying the ransom is never a good idea,” stated Douglas Grosfield, founder and CEO of Kitchener, Ontario-based Five Nines IT Solutions, in an interview with CRN.
“The majority of folks that do end up paying the ransom don’t necessarily get all of their data back. And what you do get back, you can’t trust. There could be a payload there—a ticking time bomb—that will make it easier for the perpetrators to get in again.”
He said it is unsurprising that ransomware groups target IT service companies such as Accenture. “The only surprise is that it took the bad guys this long to figure out that service providers are a pretty juicy target,” he added.
According to Grosfield, the Accenture incident serves as a reminder of the proverb, “physician, heal thyself,” meaning that IT service providers must verify their own systems are safe if they are to propose security solutions to their clients.
Accenture claims to have contained the attack; however, this is a questionable assertion. The firm confirmed the ransomware attack in an emailed response to a request for information from CRN but stated it had no impact on the organization.
“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected servers from back up. There was no impact on Accenture’s operations, or on our clients’ systems,” Accenture wrote.
However, a CNBC reporter said on Wednesday that the hackers behind the Accenture attack uploaded over 2,000 files to the dark web, including PowerPoint presentations and case studies.
On Wednesday, VX Underground, which claims to possess the Internet’s largest collection of malware source code, tweeted a timer allegedly from the hacking group, indicating the time remaining until the attack on Accenture’s data would begin. The timer ultimately ran out. The LockBit ransomware gang published 2,384 files for a short period, according to VX Underground; however, those files were unavailable due to Tor domain issues, most likely due to excessive traffic.
The LockBit attack clock was restarted with a new date of Aug. 12, 2021, 20:43 UTC, or 4:43 p.m. ET Thursday, according to the group.
The Accenture incident is “a perfect example of the distinction between business resiliency and business continuity,” Ron Bradley, vice president of third-party risk management firm Shared Assessments, told Threatpost on Wednesday.
“This particular example with Accenture is interesting in the fact that it was a known/published vulnerability,” Bradley continued. “It highlights the importance of making sure systems are properly patched in a timely manner. The ability for Accenture to manage the repercussions of potentially stolen data will be an important lesson for many organizations going forward.”
According to Hitesh Sheth, president and CEO of cybersecurity firm Vectra, all organizations should expect such attacks, but especially a global consultancy firm with many links.
“First reports suggest Accenture had data backup protocols in place and moved quickly to isolate affected servers,” he told Threatpost on Wednesday. “It’s too soon for an outside observer to assess the damage. However, this is yet another reminder to businesses to scrutinize security standards at their vendors, partners, and providers. Every enterprise should expect attacks like this – perhaps especially a global consulting firm with links to so many other companies. It’s how you anticipate, plan for and recover from attacks that counts.”
LockBit encrypts files with AES encryption and generally asks for a high-five-figure ransom to decrypt the data. LockBit’s procedures are mostly automated, allowing it to operate with little human monitoring once a victim has been hacked, according to Emsisoft. It may be used as the foundation for a ransomware-as-a-service business model, in which ransomware authors can utilize it in exchange for a share of the ransom payments.
Source: https://www.ehackingnews.com/2021/08/cyber-firm-ransomware-group-demanding.html