BHI Energy Cyberattack — Another All Too Common Example

Akira Ransomware Attack Hits BHI Energy | June 2023

A recent victim of ransomware was BHI Energy I Specialty Services LLC (BHI), a company that provides specialty maintenance and professional services to the nuclear power generation, industrial, and government markets. We’re writing this blog in the hopes that this cyberattack is the one that motivates organizations to take more corrective and protective actions!

On June 29, 2023, BHI discovered that some of its systems were encrypted by an unknown source, which prevented BHI from accessing its data. BHI launched an investigation and found out that an unauthorized user had accessed and downloaded some of its business records, including files that contained personal and health information of some of its employees and customers. The information that may have been compromised includes names, addresses, dates of birth, Social Security numbers, medical information, and health insurance information.

All Too Often Organizations "Fail to Protect"

The incident was a result of unauthorized access to their network, which could have been prevented with the use of Multi-Factor Authentication (MFA). MFA adds an extra layer of security by requiring users to provide two or more verification factors to gain access to a resource such as an application or online account.

All Too Often Organizations "Fail to Detect"

The attackers gained access to BHI on May 30th, but they were not detected until about a month later, on June 29th. That gap indicates a failure in BHI's intrusion detection systems (IDS), if they exist at all. Timely detection of unauthorized access is crucial in limiting the damage caused by a data breach.

Success in Cloud-Based Backup Solution

Despite these failures, BHI Energy did succeed in one area: they had a cloud-based backup solution in place. After exfiltrating data, the attackers encrypted company assets, and it was the encryption that triggered an IT response and, ultimately, a backup recovery. This swift action was possible due to their backup solution, which allowed them to restore their systems quickly.

The BHI case illustrates that a single accident rarely creates a disaster. Rather, it is often a combination of multiple factors that leads to a catastrophic outcome. In this case, the lack of MFA for contractor accounts, the failure of IDS, and the presence of sensitive data on BHI’s network all contributed to the success of the ransomware attack. However, BHI also demonstrated that it is possible to recover from such an attack and salvage a bad situation by using a cloud-based backup solution.

How Does Cayosoft Help with Cyberattacks?

Cayosoft offers a complete solution to manage, monitor, and recover your hybrid Microsoft environments (on-premises AD, Entra ID/Azure AD, Microsoft 365, and Teams). Cayosoft Administrator features roles, rules, and automations to help govern user and administrator behavior. Cayosoft Guardian provides change monitoring and threat detection. Lastly, Cayosoft Guardian Forest Recovery is the industry’s leading and patent-pending instant Active Directory forest recovery solution.

Want to defend and secure your Active Directory from cyberattacks?

Learn more about instant AD forest recovery technology, only available from Cayosoft!
