Quantum ransomware campaign hits the Dominican Republic

Quantum Ransomware Campaign Dominican Republic

The Ministry of Agriculture in the Dominican Republic has suffered from a Quantum ransomware campaign that encrypted several workstations and services. This attack has caused significant disruptions throughout the government agency.

The Ministry of Agriculture, called The Instituto Agrario Dominicano (IAD), oversees Agrarian Reform programs in the Dominican Republic. Based on reports, the ransomware attack happened this month and impacted the agency’s operation.

Additionally, the Quantum operators demanded $600,000 after compromising four physical and eight virtual servers.

Fortunately, the National Cybersecurity Centre has been assisting the affected agency in recovering from the attack. They also noted that the IP addresses used by attackers came from Russia and the United States.

The IAD revealed that their agency only had essential security software such as antivirus. Hence, the entity lacked a dedicated security solution.

According to a separate researcher, the agency revealed that they could not afford to pay the ransom asked by the Quantum ransomware group, which could result in the permanent loss of data.

The adversaries claimed that they had stolen more than one terabyte and threatened the agency that they would release it if the victim did not complete a ransom payment.

 

Quantum’s ransomware campaign is slowly becoming a significant threat among enterprises. Recently, the group also targeted the PFC, which impacted nearly 700 healthcare organisations.

 

Some researchers claimed that Quantum is an offspring of Conti ransomware after it took over its previous rebrand, MountLocker.

The Quantum rebrand was manifested in August last year when their ransomware encryptor started adopting the [.]quantum file extension to encrypted files’ names. However, the rebrand is slower to emerge since the operation remained dormant for months.

The operation of the Quantum group started to pick up the pace after the Conti ransomware started to crumble since the latter group members began to infiltrate other operations.

Many researchers believed that the members of the Conti cybercriminal group hold a higher rank within the Quantum operation.

About the author

Leave a Reply