Security News > 2022 > April > Meteoric attack deploys Quantum ransomware in mere hours

A group wielding the Quantum Locker ransomware is hitting targets in a blitzkrieg-like manner, going from intial compromise to domain-wide deployment and execution in under four hours, researchers with The DFIR Report are warning.

The threat of ransomware continues unabated and attackers are becoming increasingly adept at executing attacks speedily, giving defenders only a small window of opportunity to detect, respond to and mitigate them.

Remotely detonate the Quantum Locker ransomware binary via WMI or PsExec from the Domain Controller.

All in all, the tactics, techniques, and procedures used by the threat actor are not innovative, but the speed with which they managed to go from initial compromise to ransomware deployment is unsettling and extremely unfavorable for defenders.

Once again, the tactics and techniques used by these attackers are not unusual, but there is one thing that is: the ransomware is written in the Rust programming language, which improves performance and safety.

"Similar to Darknet criminal marketplaces when a marketplace is shut down, the vendors move to a new marketplace. What does that show? When your previous ransomware group gets shut down, the members will take their skill sets and move on to other opportunities," he concluded.

News URL

https://www.helpnetsecurity.com/2022/04/26/quantum-ransomware/