On July 4, hackers announced they’d used Nefilim Ransomware to access the Orange server, gaining data on the company’s Orange Business Solutions division.
It was unknown if any ransom had been demanded or paid, teiss wrote.
“Affected customers have already been informed by Orange teams, and Orange continues to monitor and investigate this breach. Orange apologizes for the inconvenience caused,” the company said, according to teiss.
Javvad Malik, security awareness advocate at KnowBe4, said the attack highlights the need for “a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware,” teiss reported. “This includes having technical controls, the right procedures, and ensuring staff have relevant and timely security awareness and training.”
Security firm Trend Micro found that the Nefilim Ransomware used in the attack had been discovered in March. It is most likely distributed through exposed Remote Desktop Protocol (RDP). A report from the firm said Nefilim Ransomware uses AES-128 encryption to encrypt victims’ files, similar to how the Nemty 2.5 ransomware works, albeit without the Ransomware-as-a-Service component, teiss reported.
In addition, Nefilim Ransomware can manage payments via email communications, not just through a Tor payment site. The encrypted files can only be decrypted with an RSA private key, teiss reported.
Phishing attacks have surged in the midst of the pandemic, PYMNTS reported. According to security experts, the attacks often use Google Firebase storage URLs and fake vendor payment forms to gain access to B2B payment workflows.