Ransomware Attack Hits Globe Pharmaceuticals in Bangladesh
Incident Date:
September 18, 2024
Overview
Title
Ransomware Attack Hits Globe Pharmaceuticals in Bangladesh
Victim
Globe Pharmaceuticals Ltd
Attacker
Valencia Leaks
Location
First Reported
September 18, 2024
Ransomware Attack on Globe Pharmaceuticals Ltd by ValenciaLeaks
Globe Pharmaceuticals Ltd, a leading pharmaceutical company in Bangladesh, has recently fallen victim to a ransomware attack orchestrated by the notorious group ValenciaLeaks. The attackers have exfiltrated a significant amount of sensitive data, which they claim to have obtained from the company's internal systems.
About Globe Pharmaceuticals Ltd
Established in 1986, Globe Pharmaceuticals Ltd is a prominent player in Bangladesh’s pharmaceutical sector. The company operates under the Globe Pharma Group of Companies and specializes in manufacturing over 200 medicinal products, including oral solids, liquids, parenteral injections, infusions, soft capsules, topical creams, ointments, and ophthalmic preparations. The company’s manufacturing facility, located in the BSCIC industrial estate in Noakhali District, adheres to international standards such as WHO-GMP and ISO 9001:2008 certifications. Globe Pharmaceuticals employs approximately 1,500 individuals and has a robust distribution network comprising 18 depots across Bangladesh.
Attack Overview
The ransomware group ValenciaLeaks has claimed responsibility for the attack on Globe Pharmaceuticals Ltd. The compromised files include detailed information on dermatology products and invoices, as well as extensive employee data. This data encompasses payment and salary information, insurance details, names, phone numbers, bank account information, and private keys, among other critical and sensitive files.
About ValenciaLeaks
ValenciaLeaks is a relatively new ransomware operation that has gained notoriety for leaking sensitive data stolen from various organizations worldwide. The group has established a dark web presence where it publicly shames companies that refuse to pay ransoms by listing them on a "Wall of Shame" and providing links to the exfiltrated data. ValenciaLeaks is suspected of exploiting critical vulnerabilities in the WhatsUp Gold networking monitoring software, which were disclosed earlier this year. Following the release of proof-of-concept exploit code, there was a noted increase in attacks leveraging these vulnerabilities.
Penetration and Vulnerabilities
While the exact method of penetration remains unclear, it is suspected that ValenciaLeaks exploited vulnerabilities in the WhatsUp Gold networking monitoring software to gain access to Globe Pharmaceuticals' systems. The attack underscores the importance of maintaining up-to-date security measures and promptly addressing known vulnerabilities to prevent such breaches.
Sources
Recent Ransomware Attacks
The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.
The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.