BHI Energy Releases Details of Akira Ransomware Attack
The threat actor exfiltrated 690GB of uncompressed data, or 767,035 files.
Westinghouse subsidiary BHI Energy, an energy services provider, confirmed that it experienced an Akira ransomware attack in June.
BHI's IT team discovered network data being encrypted in late June; as it proceeded to investigate the incident, it brought in outside counsel and a third-party cybersecurity firm.
The cybersecurity firm found that Akira, the threat actor, gained initial access in late May through the compromised account of a third-party contractor, which let the threat actor reach "the internal BHI network through a VPN connection."
According to the notice sent to Iowa's consumer protection agency, in the week after first gaining access, the threat actor performed reconnaissance of the internal network on two different occasions. In late June, the threat actor started exfiltrating 690GB of data over nine days, including data such as BHI's Active Directory database. Once the exfiltration was complete, the threat actor deployed the Akira ransomware.
The threat actor was removed from BHI's network in July, and the company took several steps to secure its environment. Since BHI's cloud backup solution was unaffected, the company was able to recover data without needing a ransomware decryption tool.
In reviewing the affected systems, BHI found that the data affected included personal information such as full names, dates of birth, Social Security numbers, and health information of 896 Iowa residents, who have since been notified. BHI is offering a 24-month membership to Experian's IdentityWorks to these people.