A person using a computer. — © Image by Tim Sandle
The Dominican Republic’s Instituto Agrario Dominicano has suffered a Quantum ransomware attack. The attack encrypted multiple services and workstations throughout the government agency. Because of the lack of security measures in place at the agency, which only had basic security software in place, IAD’s information was totally compromised.
The Instituto Agrario Dominicano (IAD) is part of the country’s Ministry of Agriculture and the agency is primarily responsible for executing Agrarian Reform programmes within the country. Quantum ransomware claims to have gained access to over 1TB of data and has requested IAD pay a public ransom fee of over $600,000.
Looking into the matter for Digital Journal is Stephan Chenette, Co-Founder and CTO at AttackIQ.
Chenette begins by considering the people behind the cyberattack and their attack rationale, noting: “Just last month Quantum ransomware group was responsible for a data breach that affected over 650 healthcare providers. Now, the Dominican Republic’s Instituto Agrario Dominicano has suffered a ransomware attack by Quantum.”
In terms of impact, Chenette finds: “Personally identifiable information, which includes the names, email addresses, databases, and applications were hacked. This data can now be bought and sold for top dollar on the dark web, further exposing victims to future fraud or phishing attacks. Additionally, this attack has disrupted the agency’s operations until a ransom of $600,000 has been paid to Quantum.”
That the state sector has been attacked is unsurprising given the rich stream of data held in government servers.
This causes Chenette to state: “Government organizations are an attractive target for cybercriminals because of the wealth of sensitive information they hold. It is critical for all organizations that manage sensitive information to adopt a threat-informed cyber-defense strategy.”
Building on this recommendation, Chenette adds: “This approach should be tailored to focus on the adversaries most likely to impact their operations to maximize their ability to protect sensitive information.”
Furthermore, Chenette advises: “This should include mapping organizational capabilities and security controls to specific attack scenarios to measure their preparedness to detect, prevent and respond to these threats. They should also employ continuous evaluation of their existing security controls to uncover gaps before a hacker finds and exploits any weaknesses.”
There are further approaches that business and state organisations should be adopting, which Chenette outlines as: “To best defend against ransomware attacks, it is also important to understand the common tactics, techniques, and procedures used by the adversary.”
Chenette’s final recommendation is: “Using the MITRE ATT&CK framework, government organizations can test their cyberdefenses against known threats and ensure that their defenses function as they should. This gives organizations a ready-made, adaptive means to plan for threats.”