Ransomware Attack on Globe Pharmaceuticals Ltd by ValenciaLeaks

Globe Pharmaceuticals Ltd, a leading pharmaceutical company in Bangladesh, has recently fallen victim to a ransomware attack orchestrated by the notorious group ValenciaLeaks. The attackers have exfiltrated a significant amount of sensitive data, which they claim to have obtained from the company's internal systems.

About Globe Pharmaceuticals Ltd

Established in 1986, Globe Pharmaceuticals Ltd is a prominent player in Bangladesh’s pharmaceutical sector. The company operates under the Globe Pharma Group of Companies and specializes in manufacturing over 200 medicinal products, including oral solids, liquids, parenteral injections, infusions, soft capsules, topical creams, ointments, and ophthalmic preparations. The company’s manufacturing facility, located in the BSCIC industrial estate in Noakhali District, adheres to international standards such as WHO-GMP and ISO 9001:2008 certifications. Globe Pharmaceuticals employs approximately 1,500 individuals and has a robust distribution network comprising 18 depots across Bangladesh.

Attack Overview

The ransomware group ValenciaLeaks has claimed responsibility for the attack on Globe Pharmaceuticals Ltd. The compromised files include detailed information on dermatology products and invoices, as well as extensive employee data. This data encompasses payment and salary information, insurance details, names, phone numbers, bank account information, and private keys, among other critical and sensitive files.

About ValenciaLeaks

ValenciaLeaks is a relatively new ransomware operation that has gained notoriety for leaking sensitive data stolen from various organizations worldwide. The group has established a dark web presence where it publicly shames companies that refuse to pay ransoms by listing them on a "Wall of Shame" and providing links to the exfiltrated data. ValenciaLeaks is suspected of exploiting critical vulnerabilities in the WhatsUp Gold networking monitoring software, which were disclosed earlier this year. Following the release of proof-of-concept exploit code, there was a noted increase in attacks leveraging these vulnerabilities.

Penetration and Vulnerabilities

While the exact method of penetration remains unclear, it is suspected that ValenciaLeaks exploited vulnerabilities in the WhatsUp Gold networking monitoring software to gain access to Globe Pharmaceuticals' systems. The attack underscores the importance of maintaining up-to-date security measures and promptly addressing known vulnerabilities to prevent such breaches.

Sources

• Globe Pharmaceuticals Ltd
• Tripwire: Warnings After New Valencia Ransomware Group Strikes Businesses and Leaks Data
• YouTube: ValenciaLeaks Ransomware Group
• Ransomlook: Ransomware Groups