Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Share Post: Reddit Facebook
Orange confirms ransomware attack exposing business customers' data
#1
Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers.

Orange is a French telecommunications company that offers consumer communication services and business services to the enterprise. With 266 million customers and 148,000 employees, Orange is the fourth-largest mobile operator in Europe.


As part of its services portfolio, the 'Orange Business Services' division offers enterprise solutions such as remote support, virtual workstations, system security, and cloud backups and hosting.

Nefilim ransomware leaks Orange customer data

On July 15th, 2020, the ransomware operators behind the Nefilim Ransomware added Orange to their data leak site and stated that they breached the company through their "Orange Business Solutions" division.


Orange confirmed to BleepingComputer that they suffered a ransomware attack targeting their Orange Business Services division on the night of Saturday, July 4th, 2020, into July 5th.


This attack allowed the Nefilim operators to gain access to twenty Orange Pro/SME customers' data.

"A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July 2020. Orange teams were immediately mobilised to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems. According to initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, "Le Forfait informatique", and no other service has been affected. However, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform. Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this breach. Orange apologises for the inconvenience caused."

Orange's "Le Forfait Informatique" platform allows enterprise customers to host virtual workstations in the cloud while outsourcing IT support for these hosted workstations to Orange Business Services.

As part of the ransom operators' leak, a 339MB archive file was published titled 'Orange_leak_part1.rar' that contained data that was allegedly stolen from Orange during the attack.

The Ransom Leaks Twitter account, run by researchers analyzing ransomware leaks, told BleepingComputer that this archive contained emails, airplane schematics, and files from ATR Aircraft, a French aircraft manufacturer.

This data may indicate that ATR is a customer of Orange's Le Forfait Informatique platform and was stolen during the attack.

While ATR told BleepingComputer that they "have not recently been affected by a ransomware attack," we have not received replies to our followup questions regarding their data leaked in the Orange attack.

Ransomware attacks are data breaches

With unencrypted file theft being a strong component of enterprise-targeting ransomware operations, all attacks must be considered data breaches.

Almost all ransomware attacks now include a pre-encryption component where the attackers steal unencrypted files from the victim.

The threat of publicly releasing these stolen files is the latest used as leverage to coerce victims to pay the ransom demand.

While Orange did the right thing by being transparent about their attack and notifying the customers, it is equally vital for the affected customers to disclose these breaches to their clients and employees.

As employees are commonly the last to know about these attacks, they are also at the most risk as their personal information is publicly released or sold to other threat actors.


source
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Nissan reveals ransomware attack exposed 53,000 workers' social security numbers mrtrout 0 426 05-20-2024 , 02:22 AM
Last Post: mrtrout
  Norton Parent Says Employee Data Stolen in MOVEit Ransomware Attack mrtrout 0 7,939 06-20-2023 , 09:05 PM
Last Post: mrtrout
  Maastricht University gets partial ransom back after ransomware attack in 2019 mrtrout 0 744 07-03-2022 , 09:56 PM
Last Post: mrtrout
  Nordic Choice Hotels Turns Ransomware Attack into Success Story mrtrout 0 868 01-18-2022 , 11:18 PM
Last Post: mrtrout
  Sinclair TV stations disrupted across the US after ransomware attack mrtrout 0 814 10-18-2021 , 10:01 PM
Last Post: mrtrout



Users browsing this thread: 2 Guest(s)