Date: 2020-07-17

Orange ransomware attack has been confirmed

Orange, a French telecommunications company and the fourth-largest mobile operator in Europe, has confirmed it fell victim to a ransomware attack during the night of July 4 into July 5. Although Orange can boast 266 million customers, it would appear that the reach of this ransomware attack is limited.

According to Bleeping Computer, it was the business service division that was breached. Orange Business Services provides support for business and local governments through the digital transformation journey, with Orange’s website stating that: “Data is at the heart of digital transformation for businesses.”

Some customer data accessed

And it is data that has seemingly been exposed courtesy of the Nefilim ransomware actors behind the attack. Orange was added to the Nefilim dark web site that details “corporate leaks” on July 15. Samples of data that the Nefilim group says were exfiltrated from Orange customers were included in a 339MB archive. That was the same date, somewhat ironically, that Orange Business Services published a blog entitled “Staying safe at home: guidelines for IT security during the pandemic.”

The Nefilim data exfiltration threat

Nefilim is a relatively new ransomware operator, discovered earlier this year, which follows the recent trend for stealing data that can be used to leverage ransom payment. Such tactics have proven to be profitable for cybercriminals, such as those behind the NetWalker ransomware threat.

Just last month, I reported how the University of California, San Francisco (UCSF), paid a ransom of $1.14 million (£910,000) to get stolen data back from the group.

The most notable ransomware actor demanding large payments to prevent the sale or publication of stolen data is REvil. It asked, but didn’t get, $42 million (£33.5 million) in return for “Trump’s Dirty Laundry” data after an attack on a New York law firm.

What has Orange said?

Orange told Bleeping Computer that “Orange teams were immediately mobilized to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems.”

That confirmation also stated that the Nefilim group had accessed the data of around 20 customers hosted on its virtual hosting platform called “Le Forfait informatique” that outsources IT support to Orange Business Services. “No other service has been affected,” the Orange spokesperson said.

I have reached out to Orange for further information and will update this article accordingly if I hear any more.

What do cybersecurity experts say?

Javvad Malik, a security awareness advocate at KnowBe4, said that organizations need to “implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware.”

Tarik Saleh, a senior security engineer at DomainTools, said: “Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks: changing the password of their accounts and looking out for potential phishing or spear-phishing emails.”

