On 12 August, well-known British security researcher Kevin Beaumont tweeted that the attackers had already started leaking encrypted data claimed to be from Accenture.
However, the company, which has nearly 570,000 employees worldwide and is valued at US$43 billion, claims that it has suffered no impact to its systems or those of its clients through the attack.
Lockbit have started dumping data for Accenture.
— Kevin Beaumont (@GossiTheDog) August 11, 2021
Their portal is very slow and buggy, probably due to everybody downloading things (what a world).
The 2384 items also had subfolders with items below. pic.twitter.com/fnsd0XyGF2
Like most other ransomware, LockBit only affects Microsoft's Windows operating system.
|
|
Security firm Cyble said in a tweet that the attackers had claimed to have stolen about six terabytes of data and were seeking US$50 million as ransom.
The threatactors have alleged to gain databases of over 6TB and demanding $50M as a ransom. They also alleged that it's an insider job, by someone who is still employed there (unlikely though).
— Cyble (@AuCyble) August 11, 2021
Asked for comment, a company spokesperson told iTWire: "Through our security controls and protocols, we identified irregular activity in one of our environments.
"We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back-ups. There was no impact on Accenture's operations, or on our clients' systems."
However, the spokesperson neither denied nor confirmed the alleged theft of data.
Asked for his take on the incident, seasoned ransomware researcher Brett Callow of the New Zealand-headquartered firm Emsisoft, said: "Claims made by ransomware gangs should be assumed to be false. They are, to quote an esteemed industry colleague, lying bastards.
"While it's unusual for them to falsely claim to have attacked an organisation, it's not at all unusual for them to overstate both the amount of data exfiltrated and its sensitivity.
"Working out what happened in the aftermath of a ransomware attack is not always easy and can require a multi-week forensic investigation. The gangs often attempt to use this period of uncertainty to their advantage by claiming to have obtained more information, and more sensitive information, than they actually did."
