Accenture Is Hours Away From Exposure as LockBit Is Ready to Release Stolen Data

Written by Bill Toulas
Last updated August 18, 2021

Accenture, the multinational consulting firm with tens of billions USD in annual revenue and over half a million employees worldwide, is being blackmailed by the LockBit ransomware group, which has launched a successful attack against them.

The countdown counter on the actor's Tor site has a little more than six hours left before all of the stolen data is published for everyone to see. Still, the firm doesn’t appear to be worried about this, claiming that the impact is minimal, the incident was isolated, and they already restored from backups. Client systems and all operations remained unaffected, so Accenture hasn’t made any effort to negotiate the payment of the ransom.


At some point yesterday, the counter reached zero. The actors published some documents that didn’t appear to contain very sensitive data, so this could be just a warning or an act to prove the legitimacy of the claims. However, it may also mean that the actors don’t really have anything valuable in their hands to proceed with the extortion. If Accenture contained the damage on certain secondary-importance servers as they claim, this could indeed be the case here.

Hitesh Sheth, President & CEO at cybersecurity expert ‘Vectra,’ tells us:

First reports suggest Accenture had data backup protocols in place and moved quickly to isolate affected servers. It’s too soon for an outside observer to assess the damage. However, this is yet another reminder to businesses to scrutinize security standards at their vendors, partners, and providers. Every enterprise should expect attacks like this – perhaps especially a global consulting firm with links to so many other companies. It’s how you anticipate, plan for and recover from attacks that counts.

In the meantime, cyber-intelligence firm Cyble has also published a Tweet where it sums up what its radars have been able to catch, speaking about the possibility of this being an insider job by someone who is still employed in Accenture, putting the ransom amount to $50 million, and the size of the stolen data at 6TB. We have no way to confirm any of that, so we’re reproducing it with caution.

LockBit kicked off the second generation of its affiliate RaaS program this June, and the attack on Accenture is one of the most prominent and high-profile they achieve since their reboot.

For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: