Chronicles of the Digital Catastrophe: How Akira Ransomware Hacked BHI Energy

Carding 4 Carders

What can the loss of 690 GB of confidential data lead to?

American energy company BHI Energy has revealed how hackers linked to the Akira ransomware group penetrated their networks and stole confidential data.

BHI Energy, part of Westinghouse Electric, specializes in providing engineering services and human resources solutions for private and public facilities in the oil and gas, nuclear, wind, solar and thermal generation sectors.

In a data leak alert sent by BHI Energy to victims on October 18, the company provided detailed information about how the attackers penetrated BHI Energy's networks on May 30, 2023 and used the Akira ransomware.

The attack reportedly began with the use of stolen VPN data from a third-party contractor to access BHI Energy's internal network. Within a week of the initial access, the attackers explored the company's internal network to deliver a devastating blow later.

On June 16, 2023, Akira operators returned to the company's network through a backdoor left behind to determine what data would be stolen. From June 20 to June 29, attackers stole 767,000 files totaling 690 GB, including the company's Active Directory database.

On June 29, after the data theft was completed, Akira ransomware was installed on all devices in the BHI Energy network. The company's IT team discovered the compromise only after the encryption stage, when the hack became obvious.

After discovering the incident, the company immediately contacted law enforcement agencies and engaged third-party experts to restore the systems. On July 7, 2023, the BHI network was cleared of malware.

The company reported that specialists were able to restore data from a backup copy in the cloud that was not affected by the attack. Thus, no ransom payment was required.

As a security measure, BHI has introduced multi-factor authentication for VPN access, implemented global password changes, and expanded the deployment of EDR and AV tools.

Despite successful system recovery, the attackers managed to steal employees' personal data, including their full name, date of birth, social security number, and medical information.

At the time of publication, the Akira hackers had not yet exposed the stolen information on their darknet portal and had not yet announced the BHI Energy data leak.

Victims of the leak received two years of free identity theft protection through the Experian service.