BHI Energy [1] [2] [3] [4] [5] [6], a subsidiary of Westinghouse Electric Company, recently disclosed a ransomware attack they experienced on May 30, 2023. This incident highlights the importance of robust cybersecurity measures in protecting sensitive data from malicious actors [5], particularly in the energy sector.

Description

On May 30, 2023 [1] [2] [5], BHI Energy fell victim to a ransomware attack initiated by the Akira threat actor. The attackers gained unauthorized access to BHI Energy’s internal network using a third-party contractor’s stolen VPN credentials [5]. They then conducted reconnaissance and exfiltrated 690 GB of data [1] [4], including a copy of BHI’s Active Directory database [1]. On June 29 [1] [2] [4] [5], the cybercriminals proceeded to encrypt all accessible files with the Akira ransomware [1].

In response to the attack, BHI Energy promptly engaged their IT team, external legal counsel, and a third-party cybersecurity firm to investigate the incident [6]. By July 7, 2023 [2] [5], they successfully removed the threat and restored their compromised systems using unaffected cloud backups.

The breach compromised sensitive employee data, including names [1] [2], birth dates [1], Social Security Numbers [1] [2], and health-related information [1] [2]. Specifically, personal information of 896 Iowa residents was affected [6], and they have been duly notified [6]. Fortunately, there is currently no evidence to suggest that the Akira group has shared BHI’s data on the dark web.

To prevent future incidents, BHI Energy has taken significant steps to enhance their security infrastructure, including implementing multi-factor authentication for VPN access.

As a gesture of support, BHI Energy is offering a 24-month membership to Experian’s IdentityWorks to the affected individuals [6].

Conclusion

The ransomware attack on BHI Energy highlights the need for robust cybersecurity measures in the energy sector. The incident resulted in the compromise of sensitive employee data, but prompt action allowed for the removal of the threat and restoration of systems. BHI Energy has taken steps to strengthen their security infrastructure and is providing support to affected individuals. This incident serves as a reminder of the ongoing threat posed by malicious actors and the importance of proactive cybersecurity measures.

References

[1] https://heimdalsecurity.com/blog/us-energy-company-reveals-how-akira-ransomware-compromised-its-systems/
[2] https://varutra.com/ctp/threatpost/postDetails/BHI-Energy-Discloses-Details-of-Akira-Ransomware-Attack-on-Its-Systems/aGtKaTNzRU9oOTEyYThVVjVjWGcvZz09
[3] https://thecyberwire.com/newsletters/control-loop/2/11
[4] https://www.redpacketsecurity.com/us-energy-firm-shares-how-akira-ransomware-hacked-its-systems/
[5] https://cybermaterial.com/ransomware-breach-at-bhi-energy/
[6] https://www.darkreading.com/attacks-breaches/bhi-energy-releases-details-of-akira-ransomware-attack