Cyber Incident Victim: Valdès Analysis Laboratory

Date:

Feb 2025

Location:

Italy

Summary

A ransomware attack targeted an Italian medical laboratory in Cagliari, attributed to the RagnarOK threat actors. The incident compromised sensitive data including online report authorizations, laboratory documents, regulatory references to Covid-19, and quality control records linked to a university hospital. Attackers provided proof through a screenshot of file directories and purported download links, though these were non-functional at the time of external verification. No breach notification was publicly posted by the affected entity, prompting inquiries to its administrative office and data controller regarding compliance with GDPR obligations and potential customer notifications.

Description

On February 6, 2021, RagnarOK threat actors executed a ransomware attack against Valdès Analysis Laboratory, a medical testing facility in Cagliari, Italy. The attackers exfiltrated sensitive data including authorizations for online reports, internal laboratory documents, regulatory references pertaining to Covid-19 protocols, and quality control records (VEQ 2020) originating from Florence’s Careggi University Hospital. To substantiate their claims, RagnarOK published a screenshot displaying a directory of compromised files alongside four purported archive download links. Independent verification by Marco De Felice and DataBreaches.net confirmed these links were nonfunctional, returning 404 errors at the time of inspection. The breach exposed operational and potentially patient-related information, though specific details regarding patient records were not explicitly enumerated in the attackers’ proof materials.

Valdès Analysis Laboratory did not publicly acknowledge the incident on its website following the attack. This absence of notification prompted De Felice to contact the laboratory’s administrative office and Data Controller directly by email to ascertain compliance with GDPR-mandated breach reporting obligations to Italy’s Privacy Guarantor authority. The inquiry also sought clarification on whether affected customers had received direct notifications, as no customer-facing advisories appeared on the company’s digital platforms. The laboratory’s operational status post-attack, the containment measures undertaken, and any ransom negotiations remained undocumented in available sources. RagnarOK’s leak site did not subsequently release additional Valdès data beyond the initial proof samples, though the threat actors’ typical tactics involved escalating data dumps absent payment.
