Ransomware Attack Exposes Duopharma Biotech's Sensitive Data

Incident Date:

September 18, 2024

Overview

Victim

Duopharma Biotech Berhad

Attacker

Valencia Leaks

Location

Kuala Lumpur, Malaysia

First Reported

September 18, 2024

Ransomware Attack on Duopharma Biotech Berhad by ValenciaLeaks

Duopharma Biotech Berhad, a leading Malaysian pharmaceutical company, has recently been targeted by the notorious ransomware group ValenciaLeaks. The attack, which was publicly disclosed on September 18, resulted in the extraction of 25.7GB of sensitive data.

About Duopharma Biotech Berhad

Established in 1979 and headquartered in Klang, Selangor, Duopharma Biotech Berhad is a key player in the healthcare industry. The company is publicly listed on Bursa Malaysia Securities Berhad and is recognized for its quality and innovation in pharmaceutical products. Duopharma Biotech specializes in the manufacturing, marketing, and distribution of over 300 generic drugs, OTC medications, APIs, and specialty pharmaceuticals. The company operates state-of-the-art manufacturing facilities that comply with Good Manufacturing Practices (GMP) and ISO certifications, serving both domestic and international markets.

Details of the Attack

The ransomware attack on Duopharma Biotech reportedly took place on August 23, 2024, but was only disclosed on September 18. ValenciaLeaks claimed responsibility for the breach, which involved the extraction of 25.7GB of sensitive information. The leaked data includes references to third-party involvement, identifying nine external users and domains, though specific identities have not been revealed. A screenshot accompanying the leak visually represents the compromised data.

About ValenciaLeaks

ValenciaLeaks is a relatively new but aggressive ransomware group that has gained notoriety for its significant data breaches. The group operates a dark web leak site where it publicly shames companies that refuse to pay ransoms by listing them on a "Wall of Shame" and providing links to the exfiltrated data. ValenciaLeaks has been linked to several high-profile attacks, including those on the City of Pleasanton, California, and Globe Pharmaceuticals in Bangladesh.

Potential Vulnerabilities

ValenciaLeaks is suspected of exploiting critical vulnerabilities in the WhatsUp Gold network monitoring software, which were disclosed in May 2024. The release of proof-of-concept exploit code in August led to a surge in attacks leveraging these vulnerabilities. Duopharma Biotech's extensive digital infrastructure and third-party collaborations may have made it an attractive target for such sophisticated cyber threats.

Implications for Duopharma Biotech

The breach underscores the growing threat of ransomware attacks in the healthcare sector, which often deals with highly sensitive data. For Duopharma Biotech, the attack not only poses operational and financial risks but also threatens its reputation for quality and innovation in the pharmaceutical industry.
