Orange confirms ransomware attack exposing business customers’ data


Orange has confirmed that they suffered a ransomware attack exposing the data of some of their enterprise customers.

Orange is a French telecommunications company that provides consumer communication services and business services to the enterprise. Orange has over 266 million customers and 148,000 employees and is the fourth-largest mobile operator in Europe.

The ‘Orange Business Services’ division provides enterprise solutions which includes remote support, virtual workstations, system security, and cloud backups and hosting.

On July 15th, the Nefilim Ransomware operators added Orange to their data leak site stating that the company has been breached through their “Orange Business Solutions” division.

The company confirmed that they have been hit with the ransomware on their Orange Business Services division on July 4th and July 5th.

The Nefilim operators managed to get access to twenty Orange Pro/SME customers’ data.

As soon as the Orange team became aware of the attack, they had put all necessary solutions needed to ensure the security of their systems. As per the initial analysis by security experts, this attack has affected data hosted on one of their Neocles IT platforms, “Le Forfait informatique”, and that no other services were affected.

The company apologized for the inconvenience caused and all the impacted customers have been informed. The Orange teams is still investigating the breach.

The “Le Forfait Informatique” platform allows enterprise customers to host virtual workstations in the cloud while outsourcing IT support for these hosted workstations to Orange Business Services.

In the leak, a 339MB archive file was published titled ‘Orange_leak_part1.rar’ that included data stolen from Orange during the attack.

According to the researchers, this archive contained emails, airplane schematics, and files from ATR Aircraft, a French aircraft manufacturer.

This shows that ATR is a customer of Orange’s Le Forfait Informatique platform and their data was stolen during the attack.

However, ATR had not yet confirmed of being affected by a ransomware attack recently.

All the ransomware attacks now include a pre-encryption component where the unencrypted files are stolen by the attackers from the victim. They then threaten the victims of publicly releasing these stolen files.

Image Credits : Adware Guru

Priyanka R
Cyber Security Enthusiast, Security Blogger, Technical Editor, Author at Cyber Safe News

    New BlackRock Android Malware targets 337 apps

    Previous article

    Argentinian telecom supposedly hit by Monero Ransomware

    Next article

    You may also like

    More in Ransomware


    Leave a reply

    Your email address will not be published. Required fields are marked *