Multiple government entities were recently the targets of ransomware attacks, the most recent being the attacks against the Dominican Republic and Chile. Let us take a look at what happened.

Attack against the Dominican Republic

  • The Instituto Agrario Dominicano, a part of the Ministry of Agriculture, suffered a Quantum ransomware attack.
  • The attack encrypted four physical servers and eight virtual servers.
  • The threat actor demanded a ransom of $650,000 and claimed to have stolen over 1TB of data. 
  • The Quantum ransomware gang is responsible for 7% of total ransomware assaults against operational systems observed by Dragos in Q2 2022.

Attack against Chile

  • Chile’s CSIRT announced that an unnamed government agency suffered a ransomware attack.
  • The attack targeted the agency's Microsoft and VMware ESXi servers and stopped all running virtual machines.
  • While the malware behavior points toward RedAlert ransomware, the IOCs shared by the CSIRT either point to the Conti ransomware operation or return an inconclusive result. 

The bottom line

These breaches are a reminder of the immense threats posed by ransomware, whether against an organization or an entire nation. Moreover, ransomware actors are increasingly shifting to targeting countries and their government agencies for cyberespionage purposes. Defenders are therefore advised to review all the related IOCs and implement proper defenses against ransomware attacks.
Cyware Publisher
