Orange has confirmed that it was hit by a ransomware attack, saying that the data of twenty of its corporate customers had been exposed.
Orange is a French telecommunications company that offers communication services to consumers and services to businesses. With 266 million customers and 148,000 employees, Orange is the fourth largest mobile phone company in Europe.
Nefilim ransomware leaks Orange customer data
On July 15, 2020, the operators behind Nefilim Ransomware listed Orange on their data leak site and stated that they had breached the company through its "Orange Business Solutions" division.
Orange confirmed to BleepingComputer that it was the victim of a ransomware attack targeting the Orange Business Services division during the night of Saturday, July 4, 2020, into July 5.
This attack allowed Nefilim operators to access the data of twenty Orange Pro / SME customers.
"A malware attack was detected by Orange teams during the night of Saturday, July 04, until Sunday, July 05, 2020. Orange teams immediately mobilized to identify the origin of this attack and have implemented all the necessary solutions needed to ensure the security of our systems. According to the initial analysis of security experts, this attack concerned data hosted on one of Neocles IT platforms, "Le Forfait informatique" and no other services have been affected. However, this attack seems to have allowed hackers to access the data of about 20 PRO / SME clients hosted on the platform. Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this violation. Orange apologizes for the inconvenience."
Orange's "Le Forfait Informatique" platform allows corporate clients to host virtual workstations in the cloud, while support for these hosted workstations is provided externally by Orange Business Services.
As part of the leak, a 339 MB archive file titled "Orange_leak_part1.rar" was released containing data allegedly stolen from Orange during the attack.
Ransom Leaks's Twitter account, which is run by researchers investigating ransomware leaks, said the file contained emails, aircraft designs and files from ATR Aircraft, a French aircraft manufacturer.
This data may indicate that ATR is a customer of Orange's Le Forfait Informatique platform and that its data was stolen during the attack.
Ransomware attacks are data breaches
Since file encryption is not the only component of ransomware operations targeting companies, all attacks should be considered data breaches.
Almost all ransomware attacks now include a pre-encryption component where intruders steal unencrypted files from the victim.
The threat of publishing these stolen files is the latest leverage used to force victims to pay the ransom.
While Orange did the right thing by informing its customers about the attack, it is equally vital for affected customers to disclose these breaches to their own customers and employees.
Employees are usually the last to learn about these attacks, but they are also at great risk, as their personal data is disclosed or sold to other threat actors.