Cyber Defense Advisors

Warnings after new Valencia ransomware group strikes businesses and leaks data

A new ransomware operation has started to leak information it claims has been stolen from organisations it has compromised around the world.

In recent days, Valencia Ransomware has used the so-called “Wall of shame” on its dark web leak site to post links to gigabytes of downloadable information that has seemingly been exfiltrated from a Californian municipality, a pharmaceutical firm, and a paper manufacturer.

The alleged victims include the City of Pleasanton in California (where the attacker claims to have stolen 283GB of sensitive information), Malaysian pharmaceutical firm Duopharma Biotech (25.7GB), Indian paper manufacturer Satia (7.1GB), and Bangladeshi drugs maker Globe Pharmaceuticals (200MB).

There are also claims that Spanish fashion giant Tendam has been hit by the Valencia group. If that is accurate, it is particularly unfortunate, as the firm was also reportedly hit by the Medusa ransomware earlier this month.

There has been speculation online that some of the Valencia group’s attacks may be linked to the exploitation of critical vulnerabilities in the WhatsUp Gold network monitoring software from Progress.

Vulnerabilities that made it possible to take over WhatsUp Gold admin accounts were discovered and responsibly disclosed in May, and proof-of-concept exploit code was published at the end of August.

Within hours of the proof-of-concept code being published, security firms were reporting evidence that the flaw was being actively exploited by cybercriminals.

On its leak webpage, Valencia describes the compromised organisations thus:

“Here is a list of companies that don’t care about customer privacy.”

What they really mean, of course, is here is a list of companies who have chosen not to pay a ransom after falling victim to a criminal act.

It’s true that paying ransoms incentivises cybercriminals and increases the risk of future attacks against your company and others.

However, when faced with the potential devastation to your business and the livelihoods of your employees, partners, and clients, your company may feel it has no choice but to pay. Regardless of your decision, it’s vital to report cybersecurity attacks to law enforcement and assist them in their investigation.

No-one should rest easy when it comes to ransomware. With more attacks making more money than ever before, there is no indication that ransomware incidents are likely to decline any time soon.

Here are 30 ransomware prevention tips that can help prevent a ransomware infection from succeeding in your organisation.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor and do not necessarily reflect those of Tripwire.