Quantum Ransomware

Quantum Ransomware Description

The Quantum Ransomware is a powerful malware threat, equipped with the ability to lock the data on the systems it manages to breach. The goal of the attackers is to use the encrypted files as leverage and then extort their victims for money. The strong encryption algorithm used by the threat ensures that, without the key held by the attackers, restoration of the files will be virtually impossible.

As part of its invasive actions, the threat will mark each locked file by modifying its original file name. More specifically, the threat appends '.quantum' to the name of each encrypted file. When all targeted file types on the system have been processed, the Quantum Ransomware will leave a ransom note in the form of an HTML file named 'README_TO_DECRYPT.html'.
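The two markers described above (the '.quantum' suffix and the 'README_TO_DECRYPT.html' note) are enough to scope an incident on a file share. The following is an added example, not part of the original write-up: a read-only triage walk that counts renamed files per directory and locates ransom notes. The function names and the sample tree are constructed for illustration, and treating the oldest modification time as a rough encryption start is an assumption.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_SUFFIX = ".quantum"           # extension named on this page
RANSOM_NOTE = "README_TO_DECRYPT.html"  # note file name named on this page

def triage(root):
    """Walk root and summarise Quantum artefacts without modifying any file."""
    per_dir = Counter()
    notes = []
    earliest = None  # (mtime, path) of the oldest renamed file seen
    for dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            path = os.path.join(dirpath, name)
            lowered = name.lower()
            if lowered == RANSOM_NOTE.lower():
                notes.append(path)
            elif lowered.endswith(ENCRYPTED_SUFFIX):
                per_dir[dirpath] += 1
                try:
                    mtime = os.stat(path).st_mtime
                except OSError:
                    continue  # unreadable file: counted, but no timestamp
                # Assumption: mtime approximates when the file was encrypted.
                if earliest is None or mtime < earliest[0]:
                    earliest = (mtime, path)
    return {
        "encrypted_total": sum(per_dir.values()),
        "encrypted_by_dir": dict(per_dir),
        "ransom_notes": sorted(notes),
        "earliest_encrypted": earliest,
    }

def build_sample_tree(base):
    """Constructed sample data: two renamed files, one clean file, one note."""
    os.makedirs(os.path.join(base, "finance"))
    for rel in ("finance/q1.xlsx.quantum", "finance/q2.xlsx.QUANTUM",
                "notes.txt", "finance/" + RANSOM_NOTE):
        with open(os.path.join(base, rel), "w") as fh:
            fh.write("constructed sample\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        report = triage(build_sample_tree(tmp))
        print(report["encrypted_total"], "renamed files;",
              len(report["ransom_notes"]), "ransom note(s)")
```

Run it against a mounted copy or snapshot where possible, so the evidence on the affected host stays untouched.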

Demands Overview

The ransom-demanding message reveals that Quantum Ransomware's operators are running a double-extortion scheme. Their main targets appear to be corporate entities and, according to the hackers, apart from encrypting crucial files, they have also managed to exfiltrate vast amounts of sensitive and confidential data. Victims are given 48 hours, and after this period their data will supposedly be released to the public and the security incident will become widely known. To avoid this outcome, the affected entities are told to contact the attackers by visiting their dedicated support website, which is accessible only via the Tor Browser.

The full set of instructions left by Quantum Ransomware is:

'Your ID:

This message contains an information how to fix the troubles you've got with your network.

Files on the workstations in your network were encrypted and any your attempt to change, decrypt or rename them could destroy the content.
The only way to get files back is a decryption with Key, provided by the Quantum Locker.

During the period your network was under our control, we downloaded a huge volume of information.
Now it is stored on our servers with high-secure access. This information contains a lot of sensitive, private and personal data.
Publishing of such data will cause serious consequences and even business disruption.

It's not a threat, on the contrary - it's a manual how to get a way out.
Quantum team doesn't aim to damage your company, our goals are only financial.

After a payment you'll get network decryption, full destruction of downloaded data, information about your network vulnerabilities and penetration points.
If you decide not to negotiate, in 48 hours the fact of the attack and all your information will be posted on our site and will be promoted among dozens of cyber forums, news agencies, websites etc.

To contact our support and start the negotiations, please visit our support chat.

It is simple, secure and you can set a password to avoid intervention of unauthorised persons.

Password field should be blank for the first login.
Note that this server is available via Tor browser only.
P.S. How to get TOR browser - see at hxxps://www.torproject.org'
