Attackers Deploy Quantum Ransomware In Rapid Network Attacks

Share post:

Security researchers at The DFIR Report have uncovered the cyber activities of the Quantum ransomware gang which saw the attackers go from initial access to domain-wide ransomware.

Described as one of the fastest ransomware cases, the attackers used an IcedID payload delivered via email as the initial access vector.

After the initial IcedID payload was executed, almost two hours after the initial infection, the threat actors begin hands-on keyboard activity. The attackers then use Cobalt Strike and RDP to move across the network, before they use WMI and PsExec to deploy the Quantum ransomware.

The attack highlights an extremely short Time-to-Ransom (TTR) of 3 hours and 44 minutes.

The attackers were able to enter the network when a user endpoint was compromised by an IcedID payload contained in an ISO image.

The ISO contained a DLL file (IcedID malware) and an LNK shortcut to execute it. Once the ISO file was clicked, a single file name “document” is displayed. The file is an LNK shortcut to a hidden DLL that is packaged in the ISO. When the user clicks on the LNK file, the IcedID DLL is executed.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Cyber Security Today, May 20, 2024 -Ransomware gang claims it hit a Canadian internet provider

A ransomware gang claims it hit a Canadian internet provider. Welcome to Cyber Security Today. It's Monday May 20th,...

Cyber Security Today, Week in Review for week ending Friday May 17, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, May 17th,...

Cyber Security Today, May 17, 2024 – Malware hiding in Apache Tomcat servers

Malware hiding in Apache Tomcat servers, new backdoors found, and more Welcome to Cyber Security Today. It's Friday, May...

MIT students exploit blockchain vulnerability to steal 25 million dollars

Two MIT students have been implicated in a highly sophisticated cryptocurrency heist, where they reportedly exploited a vulnerability...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways