French telecommunications company Orange S.A. has been targeted by a ransomware attack with data stolen.

First reported July 16 by Bleeping Computer, the ransomware attack targeted Orange’s Business Services division, which offers enterprise solutions such as remote support, virtual workstations, system security, cloud backups and cloud hosting.

The ransomware attack came from the Nefilim ransomware group, which is also offering the data stolen from Orange via its data leak site. The name Nefilim is a biblical reference to the sons of God in the Old Testament. The group is also believed to be behind the ransomware attack on Australian logistics provider Toll Group in February.

The Nefilim ransomware was previously said to share similarities to the Nemty 2.5 ransomware, though without the ransomware-as-a-service component. The ransomware was previously noted to spread likely through RDP and uses AES-128 encryption on a victim’s files.

Orange confirmed the ransomware attack, saying that it had been targeted overnight July 4 and into July 5. The company said its security team was “mobilized to identify the origin of the attack and has put in place all necessary solutions required to ensure the security of our systems.” Orange added that data from about 20 customers on its virtual hosting service had been accessed by those behind the ransomware attack, but no other services had been affected. Orange has 266 million customers worldwide.

“This ransomware attack highlights the complexity and far-reaching damage of a business to business data breach,” Mark Bagley, vice president of product at enterprise cybersecurity company AttackIQ Inc., told SiliconANGLE. “The incident not only impacts Orange itself but also the employees and customers of the enterprise customers whose data have been exposed.”

Bagley said it’s not just a matter of whether to pay the ransom. “Data is not just encrypted but actually stolen and often exposed – making these attacks even more detrimental,” he said. “Because of this, it’s important to adopt a proactive and threat-informed approach to security strategy that allows for an organization to know it can thwart ransomware attacks. Additionally, companies should use automated solutions that safely emulate the most common ransomware campaigns and their techniques to avoid falling victim.”

Photo: Wikimedia Commons