A LockBit resurgence.
The Australian Cyber Security Centre (ACSC) warns of a coming spike in LockBit 2.0 ransomware and offers recommendations on mitigating risk. LockBit is an affiliate program offered through Russophone criminal markets; it's known for using double extortion. LockBit’s ads on criminal-to-criminal fora provide some suggestions as to how they’re likely to operate. They’ve sought partnerships with other criminals who might offer credential-based access to Remote Desktop Protocol or Virtual Private Network solutions. They’ve also shown an interest in recruiting Cobalt Strike and Metasploit jockeys.
The ACSC says that the sectors affected so far have been professional services, construction, manufacturing, retail, and food, but the Centre sensibly points out that any sector is in principle vulnerable to ransomware, and that no one should take the earlier targeting patterns as a reason to drop their guard.
On Tuesday, Le Parisien reported that LockBit's operators claim to have executed a ransomware attack against Accenture and to have obtained some of the company’s data in the course of their attack. According to CNBC Washington correspondent Eamon James, the attackers said they would shortly release some of the files they obtained, and have offered to sell unspecified “insider Accenture information” to interested buyers. The gang threatened to leak the files if they weren’t paid, and as their deadline expired began doing so. The Record has published a screenshot of some of the files that have been dumped, but their assessment is that the data they contain don’t appear to be particularly sensitive.
Since these early reports emerged, Accenture told ZDNet on Wednesday morning, "Through our security controls and protocols, we identified irregular activity in one of our environments. We immediately contained the matter and isolated the affected servers. We fully restored our affected systems from back up. There was no impact on Accenture's operations or on our clients' systems."