Accenture reportedly faced $50M ransomware demand

The consulting firm told Healthcare IT News that the incident had no impact on its operations or on its clients' systems.
By Kat Jercich
03:28 PM

Photo: "Data Security," Visual Content/Flickr, licensed under CC BY 2.0

The consulting firm Accenture is reported to have faced $50 million in ransom following an attack this past month, according to cyber risk intelligence companies.

Researchers from the cyber intelligence firm Cyble said on Twitter that the threat actors claimed to have accessed more than six terabytes of data.

"Through our security controls and protocols, we identified irregular activity in one of our environments," said Accenture in a statement to Healthcare IT News.   

"We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from backup. There was no impact on Accenture's operations, or on our clients' systems."

Confusion has swirled around the Accenture security incident over the past week, with the company largely remaining mum about the details.

But a few pieces of information have begun to trickle to the surface.   

For instance, CyberScoop's Tim Starks reported on Thursday that the attackers, LockBit 2.0, had begun to leak some of their stolen data. Hudson Rock, a cybercrime intelligence data firm, said that 2,500 employee and partner computers had been compromised.  

Starks also quoted from an Accenture internal memo that said the company had noticed the security incident on July 30.  

"While the perpetrators were able to acquire certain documents that reference a small number of clients and certain work materials we had prepared for clients, none of the information is of a highly sensitive nature," the memo reportedly read.  

Accenture isn't alone; Cyble tweeted on Monday of this week that five other organizations had been targeted by LockBit in the past 24 hours.  

"LockBit attacks are known for their ability to encrypt Windows domains by using Active Directory group policies," explained Eleanor Barlow, content manager at SecurityHQ, in a statement to Healthcare IT News

"Once a domain is infected, new group policies are generated by the malware and sent to devices linked to the network. Here, the policies disable the antivirus security and implement the malware."

Lockbit's slow release of data suggests that Accenture didn't pay the $50 million price tag – consistent with federal agencies' official stance on the matter.  

But the question of whether to pony up is a more complicated one, often involving the context (and importance) of data involved.

This past year, the University of California, San Francisco paid $1.14 million to decrypt files following an attack, citing their importance to "some of the academic work we pursue as a university serving the public good." At HIMSS21 this past week, a group of security experts debated the issue.   

"Rather than having a concrete 'always' or 'never,' think about the criteria you will use to make that decision, should you find yourself in a ransomware crisis," advised retired Admiral Michael S. Rogers, former director of the National Security Agency and former commander of the U.S. Cyber Command.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.