Deloitte denies compromise by Brain Cipher ransomware gang

But cybercrime group claims to have stolen 1GB of data

Deloitte, one of the biggest accounting and audit firms in the world, has denied falling victim to a targeted attack by the Brain Cipher ransomware gang.

Deloitte, one of the so-called Big Four accountancy firms, says the gang’s claims are false and relate to a client’s system, not its own.

It added that the client system is not connected in any way to Deloitte’s own internal systems.

In a statement to Cybernews, a Deloitte spokesperson said: “We are aware of the claims by the threat actor. Our investigation indicates that the allegations relate to a single client’s system which sits outside of the Deloitte network. No Deloitte systems have been impacted.”

However, the group has threatened to publish its stolen data unless Deloitte pays up. Brain Cipher has given Deloitte ten days to comply with their demand.

In a statement, the group claimed that “giant companies do not always do their jobs well,” and indicated that Deloitte’s cyber security was not as robust as it ought to be.

Brain Cipher emerged in the summer following a series of compromises, including a major attack on Indonesia's Temporary National Data Center (PDNS) at the end of June 2024, disrupting more than 230 Indonesian government agencies. Following the attack, it was found that not all agencies had been diligently performing regular backups.

After demanding a ransom of $8 million (£6.25m) via the Monero cryptocurrency, they subsequently apologised and issued the decryption key free of charge. Bizarrely, they claimed they were acting as a penetration tester to expose weaknesses in Indonesia's cybersecurity.

Brain Cipher’s ransomware is based on a tweaked LockBit 3.0 builder, according to BleepingComputer. This ransomware software was leaked in 2022, and has been widely used in various adapted versions since then.

Group-IB has published a breakdown of the Brain Cipher ransomware toolkit.