Accenture has been hit by a LockBit 2.0 ransomware attack

Global consulting giant Accenture has allegedly been hit by a ransomware attack carried out by LockBit 2.0 ransomware operators.

IT and consulting giant Accenture was hit by a ransomware attack carried out by LockBit 2.0 ransomware operators, the group announced the hack on its leak site,

“These people are beyond privacy and security. I really hope that their services are better than what I saw as an insider. If you’re interested in buying some databases reach us” reads the announcement published on the leak site.

The group did not share any files as proof of the attack, according to the threat intelligence firm Cyble the ransomware gang has stolen databases containing over 6TB of data and are demanding a $50M ransom. The experts claim that the hack was the result of an insider job.

At the time of this writing, the countdown displayed on the leak site has ended and the group is threatening to publish files allegedly stolen from the company. The leak site shows a folder named W1 that contains a collection of PDF documents allegedly stolen from the company.

It is not clear how the threat actors breached the company and when the security breach took place.

Accenture attempted to downplay the incident and revealed that impacted systems had been recovered using its backups.

“Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers.” Accenture told BleepingComputer. “We fully restored our affected systems from back-up. There was no impact on Accenture’s operations, or on our clients’ systems,”

BlepingComputer, citing sources familiar with the security breach, revealed that Accenture had confirmed the ransomware attack to at least one CTI vendor.

Recently, the Australian Cyber Security Centre (ACSC) has warned of escalating LockBit 2.0 ransomware attacks against Australian organizations starting July 2021.

Update August 11, 2021

Lockbit ransomware operators have postponed the leak of the stolen data. No data are available for download until 12 Aug, 2021 20:43:00:

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.