Update: The Director of Communications for the Florida Department of Veterans Affairs has commented on the situation, posted below.
The well-known ransomware gang that goes by the name of Quantum has published the Florida Department of Veterans Affairs as the group's latest victim, just released earlier today.
The group maintains a website on the Dark Web called “Quantum Blog” that includes a list of the group's victims, as well as victim data available for anyone to download. While Quantum is not as active as some other ransomware gangs, such as Lockbit, Conti, or Blackhat, the group has still managed to breach a number of large organizations over the years.
The latest breach of the Florida Department of Veterans Affairs (FDVA) would be one of the largest attacks in the group's history.
If the claims are accurate, this could potentially expose the private data of veterans, employees, and contractors associated with the FDVA. The implications of this data breach could be catastrophic, exposing thousands of people to identify theft, fraud, and financial exploitation by various threat actors capitalizing on the release of this private data.
Quantum routinely publishes the data of its victims on the Dark Web if the group's ransom demands (financial payout) are not met. Data can also be sold to other cybercriminals for profit.
With the article published on the “Quantum Blog” earlier today, Quantum is claiming to have exfiltrated 1.1 TB of data from FDVA that includes:
- Veterans data
- Employee data
- Financial data
- HR data
- Supplier contracts
- Tax data
- Social Security Numbers
Below is a screenshot of the exploit announcement earlier today that RestorePrivacy obtained from Quantum's Dark Web blog site.
FDVA comments on the situation
RestorePrivacy contacted the Florida Department of Veterans Affairs and spoke with a person named Jeff, and we are awaiting further comment for this story from the FDVA Communications Director. We will update this article with any information we receive from the affected parties.
Update: we have received a succinct comment from FDVA on this matter, posted below.
Under Section 282.318 any suspected or confirmed cybersecurity breach is exempt from 119.07(1) and Section 24(a), Art. 1 of the State Constitution. We can’t confirm or deny.
– R. Steven Murray, Communications & External Affairs Director, FDVA
The FDVA spokesperson also provided USA Today reporter Jason Delgado with the following statement:
An attempt was made last week to install ransomware in several files on servers belonging to our agency. The attempt was unsuccessful and there are no infected files following the attempt. We continue to monitor.
– R. Steven Murray, Communications & External Affairs Director, FDVA
Looking at the agency's replies above, the spokesperson is still not denying that Quantum gained access to FDVA servers. And even if attempts to install ransomware were unsuccessful, it appears that Quantum was still successful in gaining access to FDVA servers and acquiring 1.1 TB of data.
About Quantum and its victims
Quantum is a very capable and potent ransomware group that has breached many other organizations over the years and we have no reason to doubt the group's claims.
At this time, the group has not published any of the data from FDVA and is likely demanding a ransom payout from the victim. This negotiation process can take some time, but if it fails, all data will likely be published on the Dark Web for threat actors to exploit. Right now the “Quantum Blog” hosts data obtained from other victims that anyone can download.
While Quantum is not in the news as much as other ransomware gangs, the group has been around since at least September 2020 under the name “MountLocker” ransomware, according to BleepingComputer.
In August 2021, the group rebranded to “Quantum” — the name it operates under today. The group's Dark Web site called “Quantum Blog” describes the group as follows:
About us
Team of experienced IT professionals, dedicated to the network security as a main problem of 21st century. We research all aspects in this field and force business to develop IT defense and security.We inform the society about attacks and consequenses, about information leaked to the hackers.
What we do
All posts are completely free, available for all visitors to download, use and repost in any place.
Other Quantum ransomware victims
Quantum has breached some large targets over the years, garnering the group media attention from around the world. The victims include a variety of different organizations, from private corporations to government entities, colleges, and school districts. Below is a partial list of past victims and links to various news stories about the attacks:
- Chattanooga Chamber of Commerce
- JetStar (caused travel disruptions)
- Lewis & Clark Community College (resulting in temporary closure)
- Altoona Area School District (in Altoona, PA)
- TILIA GROUP (revenues of 34.27 billion Euros)
- The Jewelry Exchange
- Zepter International
- Jazeera Airways
- Wolf Industrial
- Camden City School District
We will continue to monitor the situation for developments and update this article with any other commentary or information we receive.
Last updated on May 30, 2022 with new commentary and FDVA replies.
SarahJoe
Attacking our Veterans and those that work to help them is inhuman.
BoBeX
Hi Sven,
A well written article.
I don’t know Florida law, let,s hope that the FDVA a is only seeking to confirm the breach and then will take all reasonable steps to advise the (potential) victims. Not informing is very poor practice (even if excempt)
This gang appears (from above) to be particularly unscrupulous in selecting victims. Their claims of professionalism is delusional.
Veterans can of many ages but this data is going to have a proportionately high amount of aged people. And people with higher levels of health problems.
I didn’t see a hospital on the list of breaches but I bet the ignoble wretches wouldn’t hesitate.
BoBeX