The Quantum ransomware operation attacked the Instituto Agrario Dominicano (IAD) in the Dominican Republic, encrypting several services and workstations. The IAD, part of the Ministry of Agriculture, is responsible for carrying out the nation’s agrarian reform initiatives.
According to local media, the ransomware attack took place on August 18 and affected the agency’s operations. Walixson Amaury Núñez, the IAD’s director of technology, told the local press that “they demand a payment of more than 600,000. Four physical servers and eight virtual servers, essentially all servers, had an impact on us.”
The National Cybersecurity Center (CNCS), which has been helping the agency recover from the attack, stated that the attackers’ IP addresses came from the United States and Russia. Núñez said that databases, applications, emails and more were all affected, resulting in a complete breach of the information. The IAD has told local media that it does not have a specialized security department and that its systems have essential security software such as antivirus.
VenezuelaBTH reported on the attack and stated that the organization was unlikely to pay a ransom since it lacked the funds to do so. Further analysis showed that the attack, which at first sought a $650,000 ransom from the organization, was the work of the Quantum ransomware operation. The threat actors, who claimed to have taken over 1TB of data, threatened to release it publicly if IAD did not pay a ransom.
Quantum, which has been connected to an attack on PFC that affected over 650 healthcare organizations, is emerging as a critical player among ransomware operations that target businesses. The gang is said to have grown out of the Conti ransomware operation, which took over the former branding of the MountLocker ransomware operation.
Attacks using MountLocker began in September 2020. The operation was later rebranded as AstroLocker, then XingLocker and, lastly, Quantum. The group changed its name to Quantum in August 2021, when its ransomware encryptor switched to appending the .quantum file suffix to encrypted files’ names. The rebrand never really took off, however, and the organization remained mostly inactive.
That changed when the Conti ransomware operation started to shut down and its members began seeking other operations to infiltrate. Yelisey Boguslavskiy of Advanced Intel claims that a portion of the Conti cybercrime gang joined the Quantum operation, which then experienced an instant rise in attacks.