Accenture LockBit Ransomware Attack 2021: 6TB Data Threatened, Lessons for Consulting Firms
In August 2021, the LockBit ransomware group announced it had attacked Accenture — one of the world's largest consulting and professional services firms — and was threatening to publish 6 terabytes of stolen data unless a $50 million ransom was paid. Accenture confirmed it had identified "irregular activity" and said it had contained the incident. LockBit subsequently published what it claimed was a sample of stolen data, including files related to client engagements. The attack demonstrated that even the world's most sophisticated technology-focused consulting firms are not immune to ransomware — and that client data is the primary lever attackers use against professional services firms.
LockBit threatened to publish 6TB of Accenture data in 2021 — demanding a $50M ransom.
What Happened
LockBit 2.0 operators announced on their leak site that they had compromised Accenture's network and exfiltrated 6TB of data. They claimed to have found "dozens of decryptors" — suggesting they had compromised multiple enterprise clients' credentials stored in Accenture's systems. Accenture confirmed the incident, stating that it had identified irregular activity in one of its environments and that it had immediately contained the matter. The firm said customer systems and operations were not affected. LockBit subsequently began publishing files it claimed were from the breach.
Why This Attack Is a Wake-Up Call for All Professional Services Firms
Accenture employs more than 700,000 people and has a dedicated cybersecurity business. If Accenture can be compromised, the question for every professional services firm is not whether a breach can happen, but whether their controls are sufficient to: (1) detect the intrusion quickly; (2) contain it before significant data is exfiltrated; (3) recover systems rapidly; and (4) manage the client notification and regulatory obligations that follow. Most professional services firms have far fewer security resources than Accenture and need to compensate with efficient, well-chosen controls.
Ransomware Resilience for Professional Services Firms
The controls that most reduce ransomware risk and impact in professional services environments are:
- Email security — phishing is the primary ransomware entry point; advanced email threat protection, DMARC, and staff training are essential
- MFA everywhere — credential stuffing and phishing-harvested credentials are the second most common entry vector
- EDR — endpoint detection and response provides the threat visibility needed to detect ransomware before it spreads across the network
- Network segmentation — limiting lateral movement by segmenting client data environments from general-purpose infrastructure
- Tested backups — immutable, offsite backups that can restore systems without paying a ransom
- Incident response plan — a tested IR plan with cyber insurer and legal adviser contacts pre-loaded
Frequently Asked Questions
What should a professional services firm do if hit by ransomware?
Immediately isolate affected systems from the network to prevent lateral spread. Do not turn systems off — preserved memory may contain forensic evidence. Contact your cyber insurer immediately — most policies require notification within hours of discovery. Engage your legal advisers, who will advise on client notification obligations and ransom payment legality. Do not negotiate with attackers without legal and insurer guidance. Notify the NCSC and ICO as appropriate. Preserve all logs and forensic evidence for the investigation.
Assess your ransomware resilience
Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
Get in touchReady to secure your iGaming operation?
MGA-licensed operators across Malta trust Kyanite Blue.