- Marijan Hassan - Tech Journalist
New cyber gang "Valencia" emerges, claims multiple high-profile hack
A newly discovered ransomware group, dubbed Valencia, is making waves on the cybersecurity landscape, claiming to have compromised and stolen data from five organizations worldwide.
The group, which surfaced earlier this month, has listed the city of Pleasanton, California, as one of its victims, alleging the theft of 304GB of sensitive data.
Valencia's list of alleged victims comprises:
City of Pleasanton (California): The gang claims to have exfiltrated 304 GB of data from the municipality.
Globe Pharmaceuticals Limited (Bangladesh): Allegedly leaked 200MB of sensitive information.
Satia Industries (India): A paper manufacturer said to have had 7.1GB of data stolen.
Duopharma Biotech Berhad (Malaysia): The pharmaceutical company reportedly had 25.7GB of data exfiltrated.
Tendam (Spain): A fashion retailer, with an unspecified amount of data allegedly compromised.
While none of the listed victims have publicly confirmed the breaches, Valencia has begun releasing stolen data on the dark web starting with Pleasanton. According to cybersecurity firm HackManac, which reviewed the stolen data, the files available for download include personally identifiable information such as names, addresses, dates of birth, and driver’s license numbers, alongside credit card information and company financial data. Other stolen documents reportedly include confidential employee resumes, credentials, and sensitive company information.
Additionally, the group has made available files allegedly stolen from Globe Pharmaceuticals. These reportedly include details about dermatology products, invoices, as well as employee payment and salary information, insurance data, bank accounts, and private keys. The extensive leak also contains personal contact details and confidential company files.
Having looked at samples from the stolen data, Nandakishore Harikumar, founder and CEO of cybersecurity firm Technisanct, believes the gang’s operations are credible. He also noted that based on the profiles of the alleged victims, Valencia seems to possess significant operational capability in executing ransomware attacks.
The CEO also revealed that there appears to be a link between Valencia and a hacker who operates under the handle "LoadingQ" on the EVIL hacker forum. Both Valencia and LoadingQ share the same contact details and Tox chat ID, suggesting a potential connection. LoadingQ is known to have advertised access to a European healthcare company on the forum, listing domain admin access and 2,500 computers in the Active Directory environment for sale at $40,000.
The ransomware market is increasingly becoming lucrative which means we will only see more cybergangs emerge. With this in mind, organizations have a responsibility to put up the right security measures to mitigate the threat.
Comments