Orange, a French telecoms company and Europe’s fourth-largest mobile operator, has been confirmed as the victim of a ransomware attack on the night of July 4-5. Although Orange can boast 266 million customers, it appears that the scope of this ransomware attack is limited.
According to Bleeping Computer, it was the business services division that was hit. Orange Business Services supports local businesses and communities throughout their virtual transformation journey, with Orange’s website citing “data at the heart of enterprise virtual transformation.”
And it is this data that was supposedly exposed by the Nefilim ransomware operators behind the attack. Orange was added to Nefilim’s dark web site, which lists “corporate leaks,” on July 15. Data samples that, according to the Nefilim group, were exfiltrated from Orange customers were included in a 339 MB file. That was, somewhat ironically, the same date that Orange Business Services published a blog post titled “Staying Safe at Home: Rules for IT Security in the Pandemic.”
Nefilim is a relatively new ransomware operator, discovered earlier this year, that follows the recent trend of stealing data that can be used as leverage to obtain ransom payments. These tactics have proven successful for cybercriminals such as the NetWalker ransomware operators.
Last month, I reported how the University of California, San Francisco (UCSF) paid a ransom of $1.14 million (910,000 euros) for the data stolen by that group.
REvil is the best-known ransomware operator demanding huge payments to refrain from selling or publishing stolen data. It asked for, but did not get, $42 million (33.5 million pounds) in exchange for the “Trump’s Dirty Laundry” data after an attack on a New York law firm.
Orange told Bleeping Computer that “Orange groups mobilized to identify the origin of this attack and place all mandatory responses to ensure the protection of our systems.”
The confirmation also specified that the Nefilim group had accessed the data of about 20 customers hosted on its “The Computer Package” virtual hosting platform, a platform for outsourcing IT to Orange Business Services. “Other facilities were not affected,” an Orange spokesman said.
I contacted Orange for more information and will update this article accordingly if I hear more.
Javvad Malik, a security awareness advocate at KnowBe4, said organizations want to “implement a layered defensive strategy, especially opposed to lockdown credentials, operate unrerected systems, and phishing emails that are the main source of ransomware.”
Tarik Saleh, senior security engineer at DomainTools, said: “Orange has in fact followed most productive practices by temporarily revealing the violation to its professional clients, who will have to take every imaginable precaution to make their knowledge unusable in long-term attacks: converting their account passwords and looking for possible phishing or phishing emails.”
I have been a technology journalist for three decades and have been editor-in-chief of PC Pro magazine since the first issue in 1994. Three-time winner of the BT Security Journalist of the Year Award (2006, 2008, 2010), I was also fortunate enough to be named BT Technology Journalist of the Year in 1996 for a future feature in PC Pro called “Internet Threats”. In 2011, I won the Enigma Award for my lifetime contribution to PC security journalism. Contact me in confidence at [email protected] if you have a story to reveal or a desire to share.