US energy firm shares how Akira ransomware hacked its systems

In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached its network and stole data during the attack.

BHI Energy, part of Westinghouse Electric Company, is a specialty engineering services and staffing solutions provider supporting private and government-operated oil & gas, nuclear, wind, solar, and fossil power generation units and electricity transmission and distribution facilities.

In a data breach notification sent by BHI Energy to impacted people, the company provides detailed information on how the Akira ransomware gang breached its network on May 30, 2023.

The attack started with the Akira threat actor using stolen VPN credentials for a third-party contractor to access BHI Energy's internal network.

"Using that third-party contractor's account, the TA reached the internal BHI network through a VPN connection," reads the data breach notification.

"In the week following initial access, the TA used the same compromised account to perform reconnaissance of the internal network."

The Akira operators revisited the network on June 16, 2023, to enumerate the data that would be stolen. Between June 20 and 29, the threat actors stole 767k files containing 690 GB of data, including BHI's Windows Active Directory database.

Finally, on June 29, 2023, having stolen all the data they could from BHI's network, the threat actors deployed the Akira ransomware on all devices to encrypt files. This was when BHI's IT team realized the company had been compromised.

The firm says it immediately informed law enforcement and engaged external experts to help recover the impacted systems. The threat actor's foothold on BHI's network was removed on July 7, 2023.

The company says it was able to recover data from a cloud backup solution that had not been affected by the ransomware attack, so it was able to restore its systems without paying a ransom.

BHI bolstered its security measures by imposing multi-factor authentication on VPN access, performing a global password reset, extending the deployment of EDR and AV tools to cover all sections of its environment, and decommissioning legacy systems.

While BHI was able to recover its systems, the threat actors were able to steal data containing employees' personal information.

At the time of writing, Akira ransomware has not leaked any data belonging to BHI on its extortion portal on the dark web, nor have the cybercriminals announced BHI in their upcoming data leaks.

The data breach notices include instructions on enrolling in a two-year identity theft protection service through Experian.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000

