Orange, a French telecommunications company and the fourth-largest mobile operator in Europe, has confirmed it suffered a ransomware attack on July 4-5. The attack exposed the data of 20 of their enterprise customers, and it has since been leaked online via Nefilm Ransomware’s site. Specific details around how this attack occurred have not been released, but Orange has issued a statement confirming the success of the attack.
This ransomware attack highlights the complexity and far-reaching damage of a B2B data breach. The incident not only impacts Orange itself but also the employees and customers of the enterprise customers whose data have been exposed. As evidenced by this and many other recent ransomware attacks, it’s no longer an issue of just whether or not to pay the ransom. Data is not just encrypted, but actually stolen and often exposed – making these attacks even more detrimental. Because of this, it\’s important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks.
To best defend against ransomware, it’s important to understand the common tactics, techniques, and procedures used by the adversary. In doing so, companies can build more resilient security detection, prevention, and response programs mapped specifically to those known behaviors. Additionally, companies should use automated solutions that safely emulate the most common ransomware campaigns and their techniques to avoid falling victim.
The unfortunate ransomware attack against Orange highlights the ongoing move by criminals to exfiltrate data as part and parcel of a ransomware campaign. Therefore, it makes it even more essential that organisations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won\’t bring back data that has been stolen. As part of this, organisations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff have relevant and timely security awareness and training
Certainly, concerning the size of the database exposed, this ransomware attack to Orange is just the latest of a long line of attacks that go to show how profitable these operations are for cybercriminals. By selling stolen personal information, attackers can maximise their profits in case victims were to have secure backups and choose not to pay the ransom. It is an unfortunate trend that effectively doubled up ransomware attacks as data breaches, of which customers and affected parties should be notified. In that sense, Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks – e.g. changing the password of their accounts and looking out for potential phishing/spear-phishing emails.