Orange confirms ransomware attack
Orange has confirmed to BleepingComputer that they suffered a ransomware attack exposing the data of twenty of their enterprise customers.
Orange is a French telecommunications company that offers consumer communication services and business services to the enterprise. With million customers and , employees, Orange is the fourth-largest mobile operator in Europe.
As part of its services portfolio, the Orange Business Services division offers enterprise solutions such as remote support, virtual workstations, system security, and cloud backups and hosting.
On July , the ransomware operators behind the Nefilim Ransomware added Orange to their data leak site and stated that they breached the company through their Orange Business Solutions division.
Orange confirmed to BleepingComputer that they suffered a ransomware attack targeting their Orange Business Services division on the night of Saturday, July.
This attack allowed the Nefilim operators to gain access to the data of twenty Orange ProSME customers.
A cryptovirus-type computer attack was detected by Orange teams during the night of Saturday July to Sunday July . Orange teams were immediately mobilised to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems. According to initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, Le Forfait informatique, and no other service has been affected. However, this attack seems to have allowed hackers to access the data of around PRO SME customers hosted on the platform. Affected customers have already been informed by Orange teams and Orange continues to monitor and investigate this breach. Orange apologises for the inconvenience caused.
Orange’s Le Forfait Informatique platform allows enterprise customers to host virtual workstations in the cloud while outsourcing IT support for these hosted workstations to Orange Business Services.
As part of the ransom operators' leak, a MB archive file titled Orange_leak_part.rar was published that contained data allegedly stolen from Orange during the attack.
The Ransom Leaks Twitter account, run by researchers analyzing ransomware leaks, told BleepingComputer that this archive contained emails, airplane schematics, and files from ATR Aircraft, a French aircraft manufacturer.
This data may indicate that ATR is a customer of Orange's Le Forfait Informatique platform and that its data was stolen during the attack.
While ATR told BleepingComputer that they have not recently been affected by a ransomware attack, we have not received replies to our follow-up questions regarding their data leaked in the Orange attack.
With unencrypted file theft being a strong component of enterprise-targeting ransomware operations, all attacks must be considered data breaches.
Almost all ransomware attacks now include a pre-encryption component where the attackers steal unencrypted files from the victim.
The threat of publicly releasing these stolen files is the latest form of leverage used to coerce victims into paying the ransom demand.
While Orange did the right thing by being transparent about their attack and notifying the customers, it is equally vital for the affected customers to disclose these breaches to their clients and employees.
Employees are commonly the last to know about these attacks, yet they are also at the greatest risk, as their personal information is publicly released or sold to other threat actors.