Ransomware Attack Exposes Duopharma Biotech's Sensitive Data
Ransomware Attack on Duopharma Biotech Berhad by ValenciaLeaks
Duopharma Biotech Berhad, a leading Malaysian pharmaceutical company, has recently been targeted by the notorious ransomware group ValenciaLeaks. The attack, which was publicly disclosed on September 18, resulted in the exfiltration of 25.7GB of sensitive data.
About Duopharma Biotech Berhad
Established in 1979 and headquartered in Klang, Selangor, Duopharma Biotech Berhad is a key player in the healthcare industry. The company is publicly listed on Bursa Malaysia Securities Berhad and is recognized for its quality and innovation in pharmaceutical products. Duopharma Biotech specializes in the manufacturing, marketing, and distribution of over 300 generic drugs, OTC medications, APIs, and specialty pharmaceuticals. The company operates state-of-the-art manufacturing facilities that comply with Good Manufacturing Practices (GMP) and ISO certifications, serving both domestic and international markets.
Details of the Attack
The ransomware attack on Duopharma Biotech reportedly took place on August 23, 2024, but was only disclosed on September 18. ValenciaLeaks claimed responsibility for the breach, which involved the exfiltration of 25.7GB of sensitive information. The leaked data includes references to third-party involvement, identifying nine external users and domains, though specific identities have not been revealed. A screenshot accompanying the leak shows the compromised data.
About ValenciaLeaks
ValenciaLeaks is a relatively new but aggressive ransomware group that has gained notoriety for its significant data breaches. The group operates a dark web leak site where it publicly shames companies that refuse to pay ransoms by listing them on a "Wall of Shame" and providing links to the exfiltrated data. ValenciaLeaks has been linked to several high-profile attacks, including those on the City of Pleasanton, California, and Globe Pharmaceuticals in Bangladesh.
Potential Vulnerabilities
ValenciaLeaks is suspected of exploiting critical vulnerabilities in the WhatsUp Gold network monitoring software, which were disclosed in May 2024. The release of proof-of-concept exploit code in August led to a surge in attacks leveraging these vulnerabilities. Duopharma Biotech's extensive digital infrastructure and third-party collaborations may have made it an attractive target for such sophisticated cyber threats.
Implications for Duopharma Biotech
The breach underscores the growing threat of ransomware attacks in the healthcare sector, which often deals with highly sensitive data. For Duopharma Biotech, the attack not only poses operational and financial risks but also threatens its reputation for quality and innovation in the pharmaceutical industry.