Quantum Ransomware


Quantum is becoming a major player among enterprise-targeting ransomware operations, linked to an attack on PFC that impacted over 650 healthcare orgs

The ransomware gang is believed to be an offshoot of the Conti ransomware operation, which took over the previous rebrand of the MountLocker ransomware operation. MountLocker was first deployed in attacks starting in September 2020 but rebranded multiple times under various names, including AstroLocker, XingLocker, and finally Quantum.

The rebrand to Quantum occurred in August 2021, when their ransomware encryptor switched to adding the .quantum file extension to encrypted files' names. After that, however, the rebrand never became particularly active, with the operation mostly lying dormant. That was until the Conti ransomware operation started shutting down, and its members began looking for other operations to infiltrate.

According to Advanced Intel's Yelisey Boguslavskiy, some of the Conti cybercrime syndicate joined the ranks of the Quantum operation, which also immediately saw an increase in attacks.

Threat Actors Known to use this Malware

No threat actors identified