MALWARE: Quantum Ransomware

Quantum is becoming a major player among enterprise-targeting ransomware operations and has been linked to an attack on PFC that impacted over 650 healthcare organizations.

The ransomware gang is believed to be an offshoot of the Conti ransomware operation, which took over the previous rebrand of the MountLocker ransomware operation. MountLocker was first deployed in attacks starting in September 2020 but rebranded multiple times under various names, including AstroLocker, XingLocker, and finally Quantum.

The rebrand to Quantum occurred in August 2021, when their ransomware encryptor switched to adding the .quantum file extension to encrypted files' names. After that, however, the rebrand never became particularly active, with the operation mostly lying dormant. That was until the Conti ransomware operation started shutting down, and its members began looking for other operations to infiltrate.

According to Advanced Intel's Yelisey Boguslavskiy, some members of the Conti cybercrime syndicate joined the ranks of the Quantum operation, which immediately saw an increase in attacks.


Incidents Caused by this Malware

  • August 18, 2022: $600K demanded in Dominican Agrarian Institute Quantum Ransomware Attack
  • February 12, 2022: Overly Delayed Disclosure of Ransomware Attack at Australian Clinical Labs

Threat Actors Known to use this Malware

No threat actors identified
