Hey there, fellow business owner! Today, I want to share a cautionary tale that highlights the importance of cybersecurity. It’s a story about a US energy services firm called BHI Energy and how they fell victim to a ransomware attack by the notorious Akira gang. But don’t worry, there’s a silver lining to this story, and it involves protecting your own business from similar threats.
The Akira Ransomware Attack
So, let me set the stage for you. BHI Energy, which is part of Westinghouse Electric Company, provides specialty engineering services and staffing solutions for various industries, including oil & gas, nuclear power, wind and solar energy, and more. They’re a big player in the energy sector.
Now, on May 30, 2023, BHI Energy’s world came crashing down when Akira ransomware infiltrated their network. It all started when the threat actors used stolen VPN credentials from a third-party contractor to gain access to BHI Energy’s internal network. Can you believe it? The bad guys got in through a backdoor.
Once inside, these cybercriminals wasted no time. They spent a week exploring and mapping out BHI Energy’s network, searching for valuable data to steal. Then, on June 16, 2023, they returned with a plan and started swiping files left and right. In the span of nine days, they made off with a whopping 690 GB of data, including BHI’s Windows Active Directory database. It was a devastating blow.
But here’s the twist. BHI Energy’s IT team wasn’t completely caught off guard. On June 29, 2023, when the ransomware was deployed and files started getting encrypted, they quickly realized something was wrong. They sprang into action, informing law enforcement and bringing in external experts to help them recover their systems. And guess what? They succeeded!
Thanks to a cloud backup solution that hadn’t been affected by the attack, BHI Energy was able to restore their systems without paying a single penny to the cybercriminals. Talk about a sigh of relief! But they didn’t stop there. They took this experience as a wake-up call to amp up their cybersecurity measures.
Beefing Up Security
BHI Energy knew they couldn’t afford to let their guard down again. They implemented some key security measures to fortify their defenses:
- Multi-factor authentication on VPN access: This adds an extra layer of protection by requiring more than just a password to gain access to the network.
- Global password reset: Everyone at BHI Energy had to change their passwords to ensure that any compromised credentials were no longer valid.
- Extended deployment of EDR and AV tools: BHI Energy made sure that their environment was covered from all angles with advanced threat detection and antivirus tools.
- Decommissioning legacy systems: Out with the old and in with the new! BHI Energy got rid of outdated systems that could pose potential vulnerabilities.
By taking these proactive steps, BHI Energy is now better equipped to fend off future attacks and keep their business and customer data safe.
Data Exposed in the Attack
Now, you might be wondering, what kind of data did these cybercriminals get their hands on? Well, let me break it down for you:
- Full name: Yep, the hackers now know the names of BHI Energy employees.
- Date of birth: Personal information like birthdates is a treasure trove for identity thieves.
- Social Security Number (SSN): This is like the holy grail for cybercriminals. With an SSN, they can wreak havoc on someone’s financial life.
- Health information: Imagine having your private health details in the hands of criminals. It’s not a pretty picture.
It’s a scary thought, but here’s the good news: as of now, the stolen data hasn’t been leaked on the dark web, nor have the cybercriminals announced any plans to expose it. But that doesn’t mean we should let our guard down. Prevention is always better than cure.
So, my fellow business owner, let’s learn from BHI Energy’s experience. Don’t wait until it’s too late. Take the necessary steps to protect your business and your customers’ data. Our team at ZZ Servers is here to help you navigate the complex world of cybersecurity. Reach out to us today to learn how we can assist you in safeguarding your business from cyber threats.
Remember, it’s better to be safe than sorry!