BHI Energy Releases Details of Akira Ransomware Attack

The threat actor exfiltrated 690GB of uncompressed data, or 767,035 files.

Dark Reading Staff, Dark Reading

October 25, 2023

1 Min Read
A bunch of code in blue with the word "Ransomware" in the middle in red
Source: Christophe Coat via Alamy Stock Photo

Westinghouse subsidiary BHI Energy, an energy services provider, confirmed that it experienced an Akira ransomware attack in June.

BHI's IT team at BHI discovered network data being encrypted in late June; as it proceeded to investigate the incident, it brought in outside counsel and a third-party cybersecurity firm.

The cybersecurity firm found that Akira, the threat actor, gained initial access in late May through the compromised account of a third-party contractor, resulting in the threat actor reaching "the internal BHI network through a VPN connection."

According to the notice sent to Iowa's consumer protection agency, in the week after first gaining access, the threat actor performed reconnaissance of the internal network on two different occasions. In late June, the threat actor started exfiltrating 690GB of data over nine days, including data like BHI's Active Directory database. Once the threat actor completed this, they then deployed the Akira ransomware.

The threat actor was removed from BHI's network in July, and the company took several steps to secure its environment. Since BHI's cloud backup solution was unaffected, the company was able to recover data without needing a ransomware decryption tool.

In reviewing the affected systems, BHI found that the data affected included personal information such as full names, dates of birth, Social Security numbers, and health information of 896 Iowa residents, who have since been notified. BHI is offering a 24-month membership to Experian's IdentityWorks to these people.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights