Quantum
This group is among the fastest ransomware groups: some incidents have taken place in as little as 4 hours. The group's victims tend to be in the financial and healthcare sectors, and it targets them with an email containing an attachment or link to an ISO image that holds an IcedID payload, a tactic that has lately been successful at fooling security controls. After the IcedID payload is executed and child processes are spawned to create persistence, a Cobalt Strike beacon is deployed to further the attack and gain a stronger foothold within the environment. The malware's ransom note directs victims to a portal where they can contact and negotiate with the group. The group is a rebrand of MountLocker ransomware, which launched in September 2020. Since then, the ransomware gang has rebranded several times, as AstroLocker, XingLocker, and now, in its current phase, Quantum Locker.