US energy services provider BHI Energy, which is part of Westinghouse Electric Company, disclosed some details about an Akira ransomware attack it suffered in late June 2023.
In a data security incident notice the company said that it was hit with the attack on June 29, which caused minor disruption to its business operations. An investigation into the incident revealed that the intruders gained initial access to BHI’s network on May 30, 2023 through a compromised third-party contractor’ account.
The attackers then broke into the company’s internal network via a VPN connection and used the hacked contractor’ account to collect information for further attacks.
Between June 20 and June 29, the attackers exfiltrated 690 GB of data and deployed the Akira ransomware, encrypting some of the systems.
BHI said it promptly engaged security experts to remove the malware from the network and informed law enforcement of the incident. The company said it managed to recover data from its cloud backup, so it didn’t need to obtain a ransomware decryption tool from the threat actor.
By July 7, the company restored its systems and took steps to strengthen defenses.
According to BHI, some of the stolen files contained personal information, including name, address, date of birth, and Social Security number, and potentially health information, of around 900 people. The company said it informed the affected individuals of the breach.