The WarLock ransomware group has allegedly targeted okan.ru, a Russian company specializing in engineering, production, and supply of industrial valves. The cybercriminal gang added the firm to its data leak site, claiming to have exfiltrated sensitive financial information. A countdown timer on the site suggests the data will be publicly released in just over 13 days if the company does not comply with the attackers’ demands.
Okan is a notable player in its sector, providing a wide range of engineering services from initial technical assessments to the development of operational documentation. The company collaborates with both Russian and international partners to supply valves that meet various industry standards. A compromise of its financial data could expose internal accounting details, client information, and other proprietary financial records, posing a significant risk to its operations and business relationships.
The WarLock ransomware operation, which first surfaced in mid-2025, employs a double-extortion tactic of encrypting a victim’s files while also stealing confidential data and threatening to publish it. The group operates on a ransomware-as-a-service (RaaS) model and has been linked to the exploitation of vulnerabilities in widely used corporate software, such as Microsoft SharePoint, to gain initial access to its targets’ networks.
