Accenture, the global consulting firm, has been hit by the LockBit ransomware gang, according to the cybercriminal group’s website.
Encrypted files belonging to Accenture (ACN) will be published by the group on the dark web on Wednesday unless the company pays the ransom, LockBit claimed, according to screenshots of the website reviewed by CNN Business and Emsisoft, a cybersecurity firm.
Stacey Jones, an Accenture spokesperson, confirmed a cybersecurity incident to CNN Business on Wednesday, but did not explicitly acknowledge a ransomware attack.
“Through our security controls and protocols, we identified irregular activity in one of our environments,” Jones said in a statement. “We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture’s operations, or on our clients’ systems.”
The LockBit ransomware gang first emerged in September 2019, according to an Emsisoft profile of the group. LockBit, like many other ransomware gangs, leases its malicious software to third-party criminal affiliates who then receive a cut of ransoms in exchange for planting the code onto victim networks.
The following year, Interpol warned of a spike in attacks using the LockBit malicious software. Major victims of the group include Merseyrail, a UK rail network, and the Press Trust of India, an Indian news organization, according to Emsisoft.
Ransomware has become a critical threat to national and economic security, the US government has said, amid a string of attacks against corporate and infrastructure targets. Earlier this year, an attack by the group DarkSide forced Colonial Pipeline to shut down its fuel distribution operation, causing gasoline shortages nationwide. The criminal gang REvil attacked JBS Foods, one of the world’s largest meat suppliers. And a subsequent attack by the same group — targeting the IT software vendor Kaseya — wound up infecting an estimated 1,500 small businesses around the world.
Brett Callow, a threat analyst at Emsisoft, said it is possible that former affiliates of the REvil ransomware gang may have aligned themselves with LockBit after REvil’s sudden disappearance following the Kaseya attack.