US energy services firm BHI Energy has disclosed the details of a ransomware attack it suffered at the hands of the Akira ransomware gang. The breach, which took place on May 30, 2023, was initiated when the threat actors used stolen VPN credentials from a third-party contractor to gain access to BHI Energy’s internal network.
Subsequently, they conducted reconnaissance and on June 29, 2023, deployed the Akira ransomware, encrypting files on all devices and alerting BHI’s IT team to the breach. BHI Energy responded swiftly, involving external experts and law enforcement, successfully removing the threat actor’s foothold by July 7, 2023. The firm restored its systems using cloud backups unaffected by the attack and fortified its security measures.
During the attack, the cybercriminals managed to exfiltrate a significant volume of data, including sensitive personal information. An investigation that concluded on September 1, 2023, revealed that the stolen data included employees’ full names, dates of birth, Social Security Numbers (SSNs), and health information. Remarkably, at the time of the report, the Akira ransomware gang had not disclosed or leaked BHI Energy’s data on the dark web or made any public announcements regarding the incident.
To safeguard those impacted by the breach, the company is providing instructions for enrolling in a two-year identity theft protection service through Experian. This incident underscores the critical importance of robust cybersecurity measures in safeguarding sensitive data from malicious actors.