Orange says ransomware attack compromised data of 20 enterprise customers

French telecommunications company Orange has confirmed that it suffered a ransomware attack this month that resulted in hackers accessing the data of 20 enterprise customers that was stored on a targeted server.

The ransomware attack on Orange first came to light when hackers using the Nefilim Ransomware announced on their website that they had gained access to data belonging to Orange through the company's "Orange Business Solutions" division.

When contacted, Orange confirmed to Bleeping Computer that it had indeed suffered a ransomware attack on the night of 4th July that compromised an internal IT platform dubbed "Le Forfait Informatique". The platform hosted data associated with around twenty SME customers and hackers were able to access the data. However, no other internal servers were affected.

"A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday 04 July to Sunday 05 July 2020. Orange teams were immediately mobilised to identify the origin of this attack and have put in place all necessary solutions required to ensure the security of our systems.

"According to initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, "Le Forfait informatique", and no other service has been affected. However, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform.

"Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this breach. Orange apologises for the inconvenience caused," the company said. It is not clear if hackers have demanded a ransom from Orange yet.

Organisations must put in place controls to prevent ransomware attacks

Commenting on the ransomware attack targeting Orange, Javvad Malik, Security Awareness Advocate at KnowBe4, says that the attack highlights the ongoing move by criminals to exfiltrate data as part and parcel of a ransomware campaign.

"Therefore, it makes it even more essential that organisations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen.

"As part of this, organisations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff have relevant and timely security awareness and training," he adds.

According to security firm Trend Micro, the Nefilim Ransomware that was used to target Orange was discovered in March this year and is most likely distributed through exposed Remote Desktop Protocol (RDP).

In a report, the firm said that Nefilim uses AES-128 encryption to encrypt victims’ files and its code is very similar to that of the Nemty 2.5 ransomware, except that Nefilim does not feature the Ransomware-as-a-Service (RaaS) component. The ransomware is also capable of managing payments via email communication rather than through a Tor payment site, and files encrypted by it can only be decrypted by using an RSA private key.

Copyright Lyonsdown Limited 2021
