Westinghouse Subsidiary BHI Energy Faces Akira Ransomware Attack
The Incident
In June, BHI Energy, an energy services provider and subsidiary of Westinghouse, fell victim to an Akira ransomware attack. The incident was first discovered by BHI’s IT team, who noticed network data being encrypted. Promptly, BHI initiated an investigation and sought external expertise by engaging outside counsel and a third-party cybersecurity firm.
Upon conducting a thorough analysis, the cybersecurity firm determined that the threat actor, known as Akira, had gained initial access through a compromised account of a third-party contractor in late May. Using this compromised account, the threat actor was able to gain entry into BHI’s internal network through a VPN connection. For an entire week after gaining access, the attacker performed reconnaissance on the network on two separate occasions.
After this period, in late June, the attackers exfiltrated approximately 690 gigabytes of data over a span of nine days. This included sensitive information such as BHI’s Active Directory database. Once the threat actor successfully completed this data exfiltration, they proceeded to deploy the Akira ransomware.
Fortunately, in July, BHI managed to remove the threat actor from its network and implemented several measures to bolster the security of its environment. Notably, BHI’s cloud backup solution remained unaffected throughout this incident, enabling the company to recover its data without needing to rely on a ransomware decryption tool.
Impact and Response
In the aftermath of the attack, BHI performed a comprehensive review of its affected systems. As part of this evaluation, the company identified that the compromised data included personal information of a specific group of individuals. The affected data encompassed full names, dates of birth, Social Security numbers, and health information of 896 residents of Iowa.
In adherence to responsible data breach management practices and legal requirements, BHI promptly informed the impacted individuals and offered them a 24-month membership to Experian’s IdentityWorks service. This service aims to provide affected individuals with enhanced protection against identity theft and related fraudulent activities.
Lessons Learned and the Importance of Cybersecurity
The attack on BHI Energy serves as yet another reminder of the persistent and evolving nature of cyber threats. As technology advances and organizations become increasingly interconnected, the potential for cyberattacks only grows, particularly for entities operating in critical infrastructure sectors like energy services.
It is crucial for all organizations, regardless of their size or industry, to prioritize cybersecurity. Robust security measures, including comprehensive training for employees, multi-factor authentication, regular vulnerability assessments, and incident response plans, are essential components of a proactive cybersecurity strategy.
In addition, organizations should establish a culture of cybersecurity awareness and vigilance, encouraging employees to follow best practices, exercise caution when handling sensitive data, and promptly report any suspicious activity. Collaborating with trusted third-party cybersecurity professionals can also help identify and mitigate potential vulnerabilities.
Editorial: Protecting Organizations and Individuals
The BHI Energy Akira ransomware attack highlights the need for continuous investment in cybersecurity measures to safeguard both organizations and individuals. Without adequate protection, entities risk reputational damage, financial losses, and potential harm to individuals whose personal information is compromised.
Furthermore, comprehensive legislation and regulatory frameworks need to be in place to ensure that organizations are held accountable for protecting sensitive data and that affected individuals receive proper notification and support in the aftermath of a breach.
Authorities and industry leaders must collaborate to develop and enforce stringent cybersecurity standards across critical infrastructure sectors. This collective effort is essential to mitigate the risks posed by cyber threats as society becomes increasingly reliant on technology and interconnected systems.
Advice for Organizations and Individuals
For organizations, investing in robust cybersecurity measures and staying updated on emerging threats is critical. Conduct regular vulnerability assessments, train employees on best practices, and develop effective incident response plans. Collaborating with reputable cybersecurity professionals can provide specialized expertise and minimize vulnerabilities.
Individuals should prioritize personal cybersecurity as well. Implement strong, unique passwords, enable multi-factor authentication whenever possible, and exercise caution when sharing personal information online. Regularly update software and install security patches to mitigate potential vulnerabilities.
Additionally, closely monitor financial and personal accounts for any signs of unauthorized activity. Awareness and proactivity are key to protecting ourselves in this digital age.
<< photo by Sigmund >>
The image is for illustrative purposes only and does not depict the actual situation.
You might want to read !
- “Inside the Intrigue: Unveiling the Connection Between the ‘YoroTrooper’ Espionage Group and Kazakhstan”
- Cybersecurity Alert: Citrix Urges Patching While Researchers Release Exploit
- The Compelling Need for Real-World Context in Prioritizing CVE Scores
- The Rising Threat of Credential Theft: How Dropbox Outpaces Microsoft SharePoint
- The Rise of SYN Ventures: Fueling the Future of US Cybersecurity with $75 Million Seed Fund
- SecurityWeek Announces 2023 ICS Cybersecurity Conference to Tackle Critical Infrastructure Threats in Atlanta
- Critical Security Vulnerabilities Patched in Latest Firefox and Chrome Updates: An Urgent Call for User Action
- The Virtual Alarm: Understanding VMware’s Major Security Advisory
