Orange has confirmed to BleepingComputer that it has suffered a ransomware attack exposing the data of 20 of its business customers.
Orange is a French telecommunications company that offers consumer communication services and business services to companies. With 266 million customers and 148,000 employees, Orange is the fourth largest mobile operator in Europe.
The affected internal systems are reported to be the corporate VPN, Citrix, Siebel, Genesys, the virtual machines of Customer and Field Service, and internal user PCs. So far the company has released no official statement to its corporate customers, which adds to the uncertainty.
Orange confirmed that it suffered a ransomware attack on the night of Saturday, July 4, 2020, into July 5. On July 15, the ransomware operators behind Nefilim added Orange to their data leak site and stated that they had breached the company through its “Orange Business Solutions” division.
This attack allowed the Nefilim operators to gain access to the data of twenty Orange Pro/SME customers. As part of the leak, the ransomware operators published a 339 MB archive titled ‘Orange_leak_part1.rar’ containing data that they had allegedly stolen from Orange during the attack.
The Ransom Leaks Twitter account, run by researchers who analyze ransomware leaks, said that this file contained emails, aircraft schematics and files from ATR Aircraft, a French aircraft manufacturer. This data may indicate that ATR is a customer of Orange's platform and that its data was stolen during the attack.
Since the theft of unencrypted files is an important component of ransomware operations targeting companies, all attacks should be considered data breaches. Almost all ransomware attacks now include a pre-encryption component where attackers steal the victim's unencrypted files.
The threat of publicly releasing these stolen files is then used as leverage to force victims to pay the ransom.
Unconfirmed information also indicates that the criminals are asking for $7.5 million in Monero for the recovery of the files.
