BHI Energy Releases Details of Akira Ransomware Attack - Dark Reading

2023-10-25 19:18 (EST) - Dark Reading

Westinghouse subsidiary BHI Energy, an energy services provider, confirmed that it experienced an Akira ransomware attack in June.

BHI's IT team discovered network data being encrypted in late June; as it proceeded to investigate the incident, it brought in outside counsel and a third-party cybersecurity firm.

The cybersecurity firm found that Akira, the threat actor, gained initial access in late May through the compromised account of a third-party contractor, resulting in the threat actor reaching "the internal BHI network through a VPN connection."

According to the notice sent to Iowa's consumer protection agency, in the week after first gaining access, the threat actor performed reconnaissance of the internal network on two different occasions. In late June, the threat actor started exfiltrating 690 gigabytes of data over nine days, including data such as BHI's Active Directory database. Once the exfiltration was complete, the threat actor deployed the Akira ransomware.

The threat actor was removed from BHI's network in July, and the company took several steps to secure its environment. Since BHI's cloud backup solution was unaffected, the company was able to recover data without needing a ransomware decryption tool.

In reviewing the affected systems, BHI found that the data affected included personal information such as full names, dates of birth, Social Security numbers, and health information of 896 Iowa residents, who have since been notified. BHI is offering a 24-month membership to Experian's IdentityWorks to these people.
