Orange Confirms Ransomware Attack Compromising Data
Orange is a France based multinational telecommunications corporation having 266 million customers worldwide and a total of 1,48,000 employees. It is a leading provider of global IT and telecommunications services to residential, professional, and large business clients. It includes fixed-line telephone, mobile communications, Internet and wireless applications, data transmission, broadcasting services, and leased line, etc.
The attack was brought to light by Nefilim Ransomware who announced on their data leak site that they acquired access to Orange’s data through their business solutions division.
In a conversation with Bleeping Computer, the company said, “Orange teams were immediately mobilized to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems.”
Orange further told that the attack that occurred on the night of 4th July affected an internal IT platform known as, “Le Forfait Informatique”, it was hosting data belonging to 20 SME customers that were breached by attackers, however, there were no traces of any other internal server being affected as a result of the attack. Giving insights, Tarik Saleh, a senior security engineer at DomainTools, said,
“Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks: changing the password of their accounts and looking out for potential phishing or spear-phishing emails.”
While commenting on the security incident, Javvad Malik, Security Awareness Advocate at KnowBe4, said that in these times, it is essential, “that organizations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won’t bring back data that has been stolen.”
“As part of this, organizations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff has relevant and timely security awareness and training,” he further added.