US Energy Service Shared Details on How Akira Ransomware Hacked its Network


US energy service firm BHI Energy recently disclosed how its network and data were compromised in a ransomware campaign conducted by the Akira ransomware gang.

BHI Energy, a division of Westinghouse Electric Company, provides specialized engineering services and workforce solutions to government-run and privately operated power generation facilities, including nuclear, wind, solar, and fossil fuel plants, as well as energy transmission and distribution lines.

The company sent a data breach notification to affected individuals that details how the ransomware gang (Akira) breached its network on May 30, 2023.

The Akira threat actor initiated the attack by using the compromised VPN credentials of a third-party contractor to gain entry to BHI Energy's internal network.

"Using that third-party contractor's account, the TA (threat actor) reached the internal BHI network through a VPN connection[…]In the week following initial access, the TA used the same compromised account to perform reconnaissance of the internal network," the breach notification read.  

On June 16, 2023, the Akira operators checked the network again to see how much data had been taken. Between June 20 and June 29, the threat actors took 690 GB of data in 767k files, including BHI's Windows Active Directory database.

After exfiltrating the data from BHI's network, the threat actors deployed the Akira ransomware on every targeted system on June 29, 2023, encrypting files. Only at this point did BHI's IT staff become aware that the business had been compromised.

The data obtained by the ransomware group included the personal information of affected individuals. An investigation on September 1, 2023 revealed that the stolen data included:

  • Full name
  • Date of birth
  • Social Security Number (SSN)
  • Health information

The firm confirms that it engaged external experts to assist in recovering the affected systems and informed law enforcement about the breach. On July 7, 2023, the threat actor's access to BHI's network was eliminated.

The firm states that it was able to restore its systems without paying a ransom because it could retrieve data from a cloud backup solution that was unaffected by the ransomware attack.

Moreover, BHI further strengthened its security controls by implementing multi-factor authentication for VPN access, resetting all passwords globally, expanding the deployment of EDR and AV technologies to cover every part of its environment, and decommissioning legacy systems.