Consulting firm Accenture is hit by Russian cyber hackers LockBit

Consulting firm Accenture is hit by Russian cyber hackers who demand $50M after claiming they stole six terabytes of ‘top secret’ data

  • LockBit ransomware gang claimed attack against global consultancy Accenture
  • Group says it has six terabytes of ‘top secret’ information and demands $50M
  • Accenture acknowledges an incident but says it was able to contain the attack
  • It is the latest ransomware attack after a series of high-profile incidents 
  • The LockBit gang claims that it will begin releasing stolen files from Accenture at 4.43pm ET on Thursday unless its ransom demand is met 










Russian ransomware crooks have breached Accenture in an apparent ransomware attack, but the global consulting giant says the incident was immediately contained with no impact on its systems.

The LockBit ransomware gang announced the attack Tuesday night on its dark web leak site, claiming they stole more than 6 terabytes of ‘top secret’ data from Accenture, and demanding $50 million by Thursday. 

LockBit is one of a number of Russian-speaking hacking gangs that avoids targeting any victims in former Soviet states, a measure that is believed to allow them to operate with tacit approval from the Russian government. 

Accenture said in a statement Wednesday that it had ‘identified irregular activity in one of our environments’ and ‘immediately contained the matter and isolated the affected servers.’

The LockBit gang claims on its dark web blog (above) that it will begin releasing stolen files from Accenture at 4.43pm ET on Thursday unless its ransom demand is met

Russian ransomware crooks have breached Accenture in an apparent ransomware attack, but the global consulting giant says the incident was immediately contained

Russian ransomware crooks have breached Accenture in an apparent ransomware attack, but the global consulting giant says the incident was immediately contained

LockBit: Russia’s latest cyberhacking gang 

LockBit is a Russian-speaking ransomware syndicate that does not target former Soviet countries. 

It is one of the most efficient ransomware variants around, using automated deployment to complete attacks within hours, according to the cybersecurity firm Emsisoft. 

Active since September 2019, it has attacked thousands of organizations, and targets all kinds of companies from small to large.

Reported LockBit victims include the Indian news agency Press Trust and the UK rail network Merseyrail.

The company did not specify when the incident occurred – or acknowledge that it was ransomware. But the description of its response was consistent with a ransomware incident.

Accenture provides management and technology consulting services to clients including e-commerce giant Alibaba, Cisco and Alphabet Inc’s Google, according to their 2020 annual report. 

LockBit is a Russian-speaking ransomware syndicate that does not target former Soviet countries. 

It is one of the most efficient ransomware variants around, according to the cybersecurity firm Emsisoft. Active since September 2019, it has attacked thousands of organizations.

Among its known victims are Press Trust of India. Hit in October 2020, the the largest news agency in India was crippled for hours but survived the attack without paying ransom.

In April 2021, UK rail network Merseyrail was allegedly targeted by LockBit. 

Hackers apparently hijacked a director’s email account and sent a message to employees and journalists claiming data had been stolen.

The attack on Accenture is merely the latest in a string of high-profile ransomware strikes on major Western companies.

In May, the REvil group breached the Colonial Pipeline company, disrupting fuel supplies along the East Coast for days and causing chaos.

The LockBit ransomware gang announced the attack Tuesday night on its dark web leak site, claiming they stole more than 6 terabytes of 'top secret' data from Accenture

The LockBit ransomware gang announced the attack Tuesday night on its dark web leak site, claiming they stole more than 6 terabytes of ‘top secret’ data from Accenture

Days later, beef processing giant JBS USA confirmed that it had been the victim of a REvil attack, forcing it to take operations offline for several days.

The ReVil group later mysteriously disappeared, and some experts believe that members of the group joined forces with LockBit after going underground.

The LockBit gang claims that it will begin releasing stolen files from Accenture at 4.43pm ET on Thursday unless its ransom demand is met.  

Advertisement