A recent ransomware attack to Europe's largest telecommunications company has stolen company data, which was allegedly being sold on a data leak site.
According to SiliconANGLE, the attack came from the Nefilim ransomware group, which offers Orange's data on its data leak site. The leak was first noted by Bleeping Computer on July 16.
Orange confirmed to BleepingComputer the ransomware attack, which targeted Orange Business Services provides consumer communication and business services. It exposed the data of 20 out of its 266 million customers and 148,000 employees.
A recent ransomware attack to Europe’s largest telecommunications company has stolen company data
Orange said it had been targeted overnight between July 4 and 5. The company said its security team has identified "the origin of the attack" as well as initiate all necessary means to ensure its security systems."
Nefilim has previously shared similarities to the Nemty 2.5 ransomware, but it was previously noted to spread through RDP and uses AES-128 encryption on a victim's files. In February, the group is also believed to be behind the attack on Toll Group, an Australian logistics provider.
AttackIQ Inc. Vice President of Product Mark Bagley said the incident has impacted Orange as well as its customers and employees "whose data have been exposed" due to the attack that leads to a business data breach.
Experts comment on the recent Orange cyberattack
Meanwhile, security experts gave their comments regarding these recent attacks in Information Security Buzz.
AttackIQ's Bagley said the recent Orange attacks are more detrimental as data are encrypted, stolen, and often exposed. He also said that that the best defense against ransomware is by knowing the common techniques and procedures used by the hackers.
Orange S.A., Europe's Largets Mobile Operator
KnowBe4 Security Awareness Advocate Javvad Malik said the Orange attack shows the lingering move by criminals, which leads to preventing the attack. Thus, organizations should employ a multi-layered defense scheme, including utilizing the right procedures, technical controls, and providing relevant security awareness and training to staff.
Meanwhile, DomainTools Senior Security Engineer and Malware Researcher Tarik Saleh said the size of the database exposed in the recent ransomware attack Orange that proves how profitable these operations are for hackers. They steal the information and sell them, so these criminals can maximize their profits. Meanwhile, victims must secure backup databases and not pay the ransom. Saleh also said this trend "effectively doubled up ransomware attacks as data breaches."
Computer security: Ransomware attacks are a breach of data
Almost all ransomware attacks are comprised of a pre-encryption component, in which attackers steal unencrypted files from their victims. However, threatening to release stolen files in public is used to intimidate victims to pay the ransom.
However, Orange's move to go public about the attacks and notify its customers is the better move for the company to disclose these breaches to their clients and employees. While employees usually are the last to know about these attacks, they are also at the most risk as their personal information is either released in public or sold to other crooks.
