Expert Comments

Europe’s Largest Mobile Operator Orange Hit by Ransomware Attack – Expert Commentary

Expert(s): Security Experts
Expert(s): Security Experts

Orange, a French telecommunications company and the fourth-largest mobile operator in Europe, has confirmed it suffered a ransomware attack on July 4-5. The attack exposed the data of 20 of their enterprise customers, and it has since been leaked online via Nefilm Ransomware’s site. Specific details around how this attack occurred have not been released, but Orange has issued a statement confirming the success of the attack.

Experts Comments

Dot Your Expert Comments
Mark Bagley
July 20, 2020
VP of Product
AttackIQ

To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary.
This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Orange itself but also the employees and customers of the enterprise customers whose data have been exposed. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Data is not just encrypted, but actually stolen and often exposed – making these attacks even more detrimental. Because of this,.....Read More
This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Orange itself but also the employees and customers of the enterprise customers whose data have been exposed. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Data is not just encrypted, but actually stolen and often exposed – making these attacks even more detrimental. Because of this, it's important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks. To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely emulate the most common ransomware campaigns and their techniques to avoid falling victim.  Read Less
Tarik Saleh
July 20, 2020
Senior Security Engineer and Malware Researcher
DomainTools

This ransomware attack to Orange is just the latest of a long line of attacks to show how profitable these operations are for cybercriminals.
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should .....Read More
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should be notified. In that sense, Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks – e.g. changing the password of their accounts and looking out for potential phishing/spear-phishing emails.  Read Less
Javvad Malik
July 20, 2020
Security Awareness Advocate
KnowBe4

The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data.
The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data as part and parcel of a ransomware campaign. Therefore, it makes it even more essential that organisations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen. As part of this, organisations should implement a layered defensive strategy, in particular against.....Read More
The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data as part and parcel of a ransomware campaign. Therefore, it makes it even more essential that organisations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen. As part of this, organisations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff have relevant and timely security awareness and training  Read Less

Dot Your Expert Comments


Only for registered and approved experts. Please register before providing comments. Register here
* By using this form you agree with the storage and handling of your data by this web site.
Submit
0
FacebookTwitterLinkedinWhatsappEmail

You may also like

Experts Reaction On World Economic Forum 2021 Report Cites Cyber...

Major Security Flaws Found In Signal And other Video Chat...

Comment On IoT Risks Of Peloton Bike

70% of UK Finance Industry Hit With Cyber-Attacks In 2020

A Chinese Hacking Group Is Stealing Airline Passenger Details

Expert Commentary: Hacker Posts 1.9 Million Pixlr User Records For...

NSA And Dutch NCSC Warn Outdated TLS Certs

Federal Agency Warns Cloud Attacks Are On The Rise –...

Experts Reaction On New Chrome Update To Boost Password Security

Experts Insight On Latest Flaw Within DNSpooq