The Dominican Republic’s Instituto Agrario Dominicano has suffered a Quantum ransomware attack that encrypted multiple services and workstations throughout the government agency.
The Instituto Agrario Dominicano (IAD) is part of the Ministry of Agriculture and is responsible for executing Agrarian Reform programs in the country.
Local media reports that the ransomware attack occurred on August 18th, which has impacted the agency’s operation.
“They ask for more than 600 thousand dollars. We were affected by four physical servers and eight virtual servers; virtually all servers,” IAD Director of Technology Walixson Amaury Nuñez told local media.
The National Cybersecurity Center (CNCS), which has been assisting the agency recover from the attack, says that the IP addresses of the attackers were from the U.S. and Russia.
“The information was totally compromised, because the databases, applications, emails, etc., were affected,” assured Núñez.
The IAD has told local media that they only had basic security software on their systems, such as antivirus, and lack a dedicated security department.
Quantum ransomware behind the attack
BleepingComputer learned of the attack today from VenezuelaBTH, who said the agency was unlikely to pay a ransom as they cannot afford to do so.
Our investigation discovered that the Quantum ransomware operation was behind the attack, which initially demanded a $650,000 ransom from the agency.
The threat actors claimed to have stolen over 1TB of data and threatened to release it if IAD did not pay a ransom publicly.
Quantum is becoming a major player among enterprise-targeting ransomware operations, linked to an attack on PFC that impacted over 650 healthcare orgs
The ransomware gang is believed to have become an offshoot of the Conti ransomware operation, which took over the previous rebrand of the MountLocker ransomware operation.
MountLocker was first deployed in attacks starting in September 2020 but rebranded multiple times under various names, including AstroLocker, XingLocker, and finally Quantum.
The rebrand to Quantum occurred in August 2021, when their ransomware encryptor switched to adding the .quantum file extension to encrypted files’ names. After that, however, the rebrand never became particularly active, with the operation mostly lying dormant.
That was until the Conti ransomware operation started shutting down, and its members began looking for other operations to infiltrate.
According to Advanced Intel’s Yelisey Boguslavskiy, some of the Conti cybercrime syndicate joined the ranks of the Quantum operation, which also immediately saw an increase in attacks.