Menu
Browse

Cyber Threat Actor: Quantum Ransomware

Actor Type Location Known Incidents
 Icon
Crime Syndicate
United States of America
1 incident
Profile

Quantum Ransomware, also known simply as Quantum, is a ransomware threat actor that has been publicly linked to the United States of America. The group operates under the alias Quantum Ransomware and has been observed targeting organizations that provide financial services to the healthcare sector, as evidenced by the attack on Professional Finance Company Inc. in February 2022. This incident resulted in the compromise of data belonging to over six hundred healthcare organizations, indicating a focus on entities that handle sensitive patient information. The actor’s primary objective appears to be financial gain through the deployment of ransomware and the extortion of victims, a motive consistent with the ransomware nature of its operations. Public reporting associates Quantum with Conti cybercrime affiliates, suggesting a connection to a broader criminal consortium rather than a state‑sponsored entity. No public attribution to a nation‑state has been made in the available sources.

In terms of tactics, techniques, and procedures, Quantum ransomware employs the Cobalt Strike framework to gain initial access and move laterally within victim networks. Prior to encrypting systems, the actors use command‑line tools to exfiltrate sensitive data, a pattern seen in the Professional Finance Company incident where patient names, addresses, financial details, Social Security numbers, birth dates, and medical treatment information were stolen. The ransomware payload itself is the Quantum variant, which has been described as emerging from earlier rebranded ransomware families such as MountLocker. Infrastructure associated with the Quantum operation was leveraged to support the attack, indicating a degree of operational continuity. The February 2022 breach of Professional Finance Company Inc. stands as a representative campaign, illustrating the group’s focus on healthcare‑adjacent financial providers and its use of ransomware coupled with data theft for extortion.

Incidents
Attributed incidents available to members
1 incident
Sources
Sources available to members
0 sources