A new player in the ransomware landscape, Valencia Ransomware, listed five significant victims from the U.S., Spain, India, Malaysia, and Bangladesh on its Tor-based leak website on the dark web. This cybercrime group has reportedly stolen data from these entities and has begun leaking sensitive information this week, as per recent reports.
The alleged victims include the City of Pleasanton, California, for which the hacker claims to have 304GB of data compromising Personally Identifiable Information (PII), financial records, and sensitive company documents, and Globe Pharmaceuticals Limited, Bangladesh, for which they sell 200MB of data that includes product details, invoices, and extensive employee information such as payment details and private keys.
Valencia Ransomware claims to have 7.1GB of unspecified data from Satia Industries, India, 25.7GB of stolen data from Duopharma Biotech Berhad, Malaysia, and an unspecified quantity of information exfiltrated from Tendam, Spain, formerly known as Grupo Cortefiel – which was listed as a victim by Medusa Ransomware.
The leaked files reportedly include PII such as full names, addresses, dates of birth, and driver's license numbers, alongside credit card information and employee resumes. Globe Pharmaceuticals' breach exposed dermatology product details, employee salaries, insurance data, and more sensitive files.
The targeted organizations suggest a high level of operational sophistication. Technisanct's founder, Nandakishore Harikumar, has verified the credibility of these claims, indicating Valencia's potent threat level. Notably, Tendam has faced previous attacks, while the other entities appear to be first-time victims.
There are suspicions of a link between Valencia and an entity known as LoadingQ, active on the EVIL hacker forum. Both share contact details and a Tox chat ID, suggesting a possible association. LoadingQ has also advertised access to a European healthcare network for $40,000, indicating potential access to valuable networks by both LoadingQ and Valencia.
Another hot threat actor right now is the RansomHub ransomware gang, which recently published information allegedly stolen from Kawasaki Motors. The 487 gigabytes of data reportedly belong to the company’s Europe systems, as the company failed to meet the ransom demands.