![This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, one of China's last "volunteer hacker" groups maintains a final outpost in its patriotic hacking war. (Photo by NICOLAS ASFOURI / AFP) / TO GO WITH China-hacking-security,FOCUS by Laurie Chen / The erroneous mention[s] appearing in the metadata of this photo by NICOLAS ASFOURI has been modified in AFP systems in the following, we removed the HOLD HOLD HOLD in the main caption. Please immediately remove the erroneous mention[s] from all your online services and delete it (them) from your servers. If you have been authorized by AFP to distribute it (them) to third parties, please ensure that the same actions are carried out by them. Failure to promptly comply with these instructions will entail liability on your part for any continued or post notification usage. Therefore we thank you very much for all your attention and prompt action. We are sorry for the inconvenience this notification may cause and remain at your disposal for any further information you may require. (Photo by NICOLAS ASFOURI/AFP via Getty Images)](https://media.cnn.com/api/v1/images/stellar/prod/210621154549-hackers-keyboard.jpg?q=x_0,y_131,h_1419,w_2523,c_crop/w_250)
Accenture, the global consulting firm, has been hit by the LockBit ransomware gang, according to the cybercriminal group’s website.
Accenture (ACN)’s encrypted files will be published by the group on the dark web on Wednesday unless the company pays the ransom, LockBit claimed, according to screenshots of the website reviewed by CNN Business and Emsisoft, a cybersecurity firm.
Stacey Jones, an Accenture spokesperson, confirmed a cybersecurity incident to CNN Business on Wednesday, but did not explicitly acknowledge a ransomware attack.
“Through our security controls and protocols, we identified irregular activity in one of our environments,” Jones said in a statement. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up. There was no impact on Accenture’s operations, or on our clients’ systems.”
The LockBit ransomware gang first emerged in September 2019, according to an Emsisoft profile of the group. LockBit, like many other ransomware gangs, leases its malicious software to third-party criminal affiliates who then receive a cut of ransoms in exchange for planting the code onto victim networks.
The following year, Interpol warned of a spike in attacks using the LockBit malicious software. Major victims of the group include Merseyrail, a UK rail network, and the Press Trust of India, an Indian news organization, according to Emsisoft.
Ransomware has become a critical threat to national and economic security, the US government has said, amid a string of attacks against corporate and infrastructure targets. Earlier this year, an attack by the group DarkSide forced Colonial Pipeline to shut down its fuel distribution operation, causing gasoline shortages nationwide. The criminal gang REvil attacked JBS Foods, one of the world’s largest meat suppliers. And a subsequent attack by the same group — targeting the IT software vendor Kaseya — wound up infecting an estimated 1,500 small businesses around the world.
Brett Callow, a threat analyst at Emsisoft, said it is possible that former affiliates of the REvil ransomware gang may have aligned themselves with LockBit following REvil’s sudden disappearance following the Kaseya attack.
