24 October 2023

US energy firm shares details on Akira ransomware attack


US energy services provider BHI Energy, which is part of Westinghouse Electric Company, disclosed some details about an Akira ransomware attack it suffered in late June 2023.

In a data security incident notice, the company said that it was hit with the attack on June 29, which caused minor disruption to its business operations. An investigation into the incident revealed that the intruders gained initial access to BHI’s network on May 30, 2023 through a compromised third-party contractor’s account.

The attackers then broke into the company’s internal network via a VPN connection and used the hacked contractor’s account to collect information for further attacks.

Between June 20 and June 29, the attackers exfiltrated 690 GB of data and deployed the Akira ransomware, encrypting some of the systems.

BHI said it promptly engaged security experts to remove the malware from the network and informed law enforcement of the incident. The company said it managed to recover data from its cloud backup, so it didn’t need to obtain a ransomware decryption tool from the threat actor.

By July 7, the company restored its systems and took steps to strengthen defenses.

According to BHI, some of the stolen files contained personal information, including name, address, date of birth, and Social Security number, and potentially health information, of around 900 people. The company said it informed the affected individuals of the breach.

