Dominican Republic government agency was disrupted by a Quantum ransomware attack

A Quantum ransomware attack disrupted the Instituto Agrario Dominicano in the Dominican Republic, encrypting numerous services on servers. The agency cannot afford the $600,000 ransom demanded by the attackers. The National Cybersecurity Center is assisting in recovery efforts, tracing the attack to the United States and Russia. If the ransom is not paid, the threat actor may release over 1 terabyte of stolen data. Quantum ransomware is linked to the Conti and MountLocker ransomware operations.

The Quantum ransomware attack on the Instituto Agrario Dominicano (IAD) in the Dominican Republic, which encrypted numerous services and workstations, took place on 18 August, according to local media reports. ‘They ask for more than 600 thousand dollars. We were affected by four physical servers and eight virtual servers; virtually all servers’, Walixson Amaury Núñez, IAD’s director of technology, told the local press.

The IAD does not have enough money to pay the ransom and had only basic security software in place, and the agency’s data is completely compromised.

According to the National Cybersecurity Center (CNCS), which has been helping the agency recover from the attack, the attackers’ IP addresses came from the United States and Russia.

BleepingComputer investigated the case and found that the Quantum ransomware operation was behind the attack. The threat actor, who claimed to have stolen over 1TB of data, is threatening to release it publicly if the IAD does not pay the ransom. This ransomware actor is supposedly an offshoot of the Conti ransomware operation, which adopted the earlier name of the MountLocker ransomware operation.