Beautiful Virgin Islands


Dominican government agency affected by ransomware attack; Ransom set at $650,000

Dominican government agency affected by ransomware attack; Ransom set at $650,000

The Instituto Agrario Dominicano (IAD), part of the Dominican Republic’s Ministry of Agriculture, has been targeted in a Quantum ransomware attack leaving multiple services and workstations in the agency encrypted. The attackers are reportedly asking $650,000 for recovery.

According to local media, the attack happened on August 18 and has since impacted the agency’s functioning. A total of four physical and eight virtual servers were impacted by the attack, summing up virtually all servers the agency uses. Only one of the servers running on Linux remains unaffected. As of August 23, 23 computers were infected, and the network was still down.

Since the databases, applications and emails were all compromised among other things, all data has been compromised as confirmed by IAD’s director of technology Walixson Amaury Nuñez.

BleepingComputer reports that the Quantum ransomware gang is behind the attack. They claimed to have stolen over 1TB of data and threaten to release it if IAD did not pay the $650,000 ransom. Something that’s unlikely to happen considering the agency simply can’t afford to do so.


The National Cybersecurity Centre (CNCS) has been assisting the agency in recovery efforts and has reported that IP addresses belonging to the attackers from the US and Russia. The IAD also reported that they only had basic security software on their systems and don’t have a dedicated security department either.

As for the threat actors, Quantum is quickly becoming increasingly active, targeting enterprises with ransomware. The group is believed to be a branch of the Conti ransomware gang which itself took over from the Mountlocker group.

This rebranding reportedly happened in August 2021 as indicated by their ransomware encryptor adding a .quantum file extension to encrypted files. The group wasn’t particularly active at the time though, with activity spiking following the Conti ransomware group shutting down and its members looking for other groups to join.

Newsletter

Related Articles

Beautiful Virgin Islands
0:00
0:00
Close
×