Orange, the French telecom company that services over 260 million customers around the world, has recently confirmed it was hit by a ransomware assault that exposed sensitive data belonging to 20 of its enterprise clients.

Ransomware attacks directed at enterprises are fast becoming a popular way for cybercriminals to not only attempt to extort payments, but disrupt a company’s services and damage them financially when confidential client data is exposed.

Orange currently delivers telecommunication services to consumers, as well as dedicated business communication solutions to enterprises. As an element of its complete portfolio of services, the company’s “Orange Business Services’ division delivers a host of enterprise solutions from hosting, cloud backups and remote support, to system security and virtual workstations.

Ransomware operators leak Orange enterprise client data

In a recent communication with the help site first founded in 2004 by Lawrence Abrams called Bleeping Computer, the French company confirmed it had been hit by a ransomware attack. It reported that the focused attack had targeted its Orange Business Services division. The successful infiltration allowed operators using Nefilim ransomware to gain unauthorised access to data belonging to 20 of its Professional/Small and Medium Sized Enterprise (SME) customers.

The threat actors responsible for the ransomware known as “Nefilim” officially included Orange on their dedicated site for data leaks on July 15, adding that they had had breached the telco through its “Orange Business Solutions” division.

An archive file containing 339 MB of data was part of the leaked information published to the ransom operator’s site. It was labelled ‘Orange_leak_part1.rar’ and included data allegedly taken in the attack on Orange. Information provided by the Ransom Leaks account on Twitter, operated by researchers analysing leaked information from ransomware attacks, explained that the archive file contained aeroplane schematics, emails and files from the French aircraft maker, ATR Aircraft.

Uncovering an attack and acting fast

Technical teams at Orange identified the attack as a being a “crypto-virus-type” and instantly mobilised to discover its origin. The team also immediately established the required security solutions to defend the company’s systems.

A spokesperson from Orange confirmed:

“According to initial analysis by security experts, this attack has concerned data hosted on one of our Neocles IT platforms, “Le Forfait informatique”, and no other service has been affected. However, this attack seems to have allowed hackers to access the data of around 20 PRO / SME customers hosted on the platform.”

The French telecom company’s Le Forfait Informatique platform for enterprise customers has been designed to enable it to host cloud-based virtual workstations while outsourcing the required IT support over to Orange Business Services.

The fourth-biggest mobile provider operating in Europe, the French telco currently employs around 148,000 personnel. In line with its obligation to data protection regulations, Orange has now informed all its customers affected by the incident and offered its apologies for any inconvenience caused.

The firm has also commented that it is continuing to both monitor and investigate the recent data breach.