Nefilim Ransomware Operators Allegedly Targeted Orange S.A., one of the largest mobile network operators in the world

As part of Cyble continuous darkweb and deepweb monitoring, our threat researchers came across the post of Nefilim ransomware operators in which they have claimed to be in possession of sensitive data of Orange S.A., one of the largest mobile networks based in France.

Founded in the year 1988, Orange S.A. is a French multinational telecommunications corporation. It has 266 million customers worldwide and employs 89,000 people in France, and 59,000 elsewhere. Along with that, the company has been generating an annual revenue of around €42.238 billion. Currently, it is the tenth-largest mobile network operator in the world and the fourth largest in Europe.

As per ransomware operators claim, Orange Business Solutions, a subsidiary of Orange S.A. was breached. Operators have released a fragment of sensitive data.

After analysing the leaked files, Cyble Research Team identified-:

  • The data leak consists of various sensitive and corporate operational documents of Aero Technique Espace (ATE), a well-established French aircraft painting company that had been acquired by Air works. The leaked documents related to ATE seem to include checklists reports before the presentation of aviation planes, observation of technical faults reports, aviation painting reports, and much more.
  • It also includes data sample documents of Avions de transport regional (ATR), a Franco-Italian aircraft manufacturer based in France. The leaked documents related to ATR seem to include multiple aircraft architecture designs, email conversations, transfer of responsibility documents, and much more.
  • Netfilim ransomware operators claim these companies to be customers or in touch with Orange Business Services and also threatens the company to leak more data soon.

Cyble has been reporting these types of breaches to aware individuals of the risks associated with using online services.

Tips on how to prevent ransomware attacks –

  • Never click on unverified/unidentified links
  • Do not open untrusted email attachments
  • Only download from sites you trust
  • Never use unfamiliar USBs
  • Use security software and keep it updated
  • Backup your data periodically
  • Isolate the infected system from the network
  • Use mail server content scanning and filtering

It is recommended to follow above mentioned prevention methods and never pay the ransom.

About Cyble

Cyble is an Atlanta, US-based, global premium cyber-security firm with tools and capabilities to provide near real-time cyber threat intelligence. 

Cyble Inc.’s mission is to provide organizations with a real-time view of their supply chain cyber threats and risks. Their SaaS-based solution powered by machine learning and human analysis provides organizations’ insights to cyber threats introduced by suppliers and enables them to respond to them faster and more efficiently.

This monitoring and notification platform gives the average consumer insights into their personal cybersecurity issues, allowing them to take action then as needed. It has recently earned accolades from Forbes as being the top 20 cyber-security companies to watch in 2020. 

Scroll to Top