Quantum ransomware gang has this time struck a government agency in the Dominican Republic and is demanding $600,000 to free up the data from encryption. According to a spokesperson from Dominican Republic, Instituto Agrario Dominicano, the attack led to access lockdown of 4 physical servers and 8 virtual servers of the agency.
Preliminary Investigations revealed that the attack was linked to IP addresses operating in United and Russia. But the law enforcement agencies state that the attack could have been organized through proxies and might be the work of North Korea hackers.
Quantum hackers claim the hack led to the steal of about 1TB of data and if the ransom is not paid on time, the threat actors are threatening to either release or sell that data via the dark web.
The National Cybersecurity Centre (CNCS) estimates that all the applications, email servers and databases were affected by the incident and has assured that it will recover from this malware attack within no time- all thanks to an efficient business continuity plan that is already in place.
NOTE 1- Till September 2020, a ransomware named MountLocker was operating in the wild. Apparently, Quantum is the same version of the MountLocker and was previously known with names such as AstroLocker and XingLocker.
NOTE 2- Most of the file encrypting malware spreading gangs are nowadays indulging in double extortion tactics. First, they steal data from the victim server and then lock it down from access until a ransom is paid. And if the victim cannot pay the ransom or denies paying it, the threat actors sell that data to interested parties such as marketing firms or to individual hackers or, in rare cases, to state funded hacking groups.
