Cyber Incident Victim: Instituto Agrario Dominicano

Date: Aug 2022

Location: Dominican Republic

Summary

A ransomware attack by the Quantum group targeted a Dominican Republic government agricultural agency, encrypting multiple physical and virtual servers, disrupting operations, and compromising databases, applications, and emails. The attackers demanded $650,000, threatening to release over 1TB of stolen data, while the agency lacked dedicated security infrastructure beyond basic antivirus software. Quantum, an offshoot of the Conti ransomware operation with ties to earlier MountLocker variants, leveraged compromised infrastructure linked to U.S. and Russian IP addresses. National cybersecurity authorities assisted recovery efforts amid the agency's operational paralysis due to widespread system encryption and data compromise.


Description

On August 18, 2022, the Dominican Republic's Instituto Agrario Dominicano (IAD), an agency under the Ministry of Agriculture responsible for agrarian reform programs, suffered a disruptive ransomware attack attributed to the Quantum operation. The attack encrypted four physical servers and eight virtual servers, compromising databases, applications, email systems, and virtually all operational infrastructure. Quantum actors initially demanded a $650,000 ransom and claimed to have exfiltrated over 1TB of sensitive data, threatening public release unless payment was made. IAD's Director of Technology, Walixson Amaury Nuñez, confirmed the agency lacked a dedicated cybersecurity department and relied solely on basic antivirus software prior to the incident, leaving systems vulnerable to compromise. The encryption rendered critical services inoperable, severely disrupting the agency's agrarian reform operations and administrative functions.

The National Cybersecurity Center (CNCS) of the Dominican Republic intervened to assist with recovery efforts, identifying attacker IP addresses originating from the United States and Russia during their investigation. IAD officials publicly stated an inability to pay the ransom due to financial constraints, citing the demanded amount as unaffordable. Quantum ransomware emerged as a rebrand of the MountLocker operation in August 2021, adopting the .quantum file extension, and later absorbed members from the disbanded Conti ransomware group, leading to increased attack volumes. This infiltration by Conti affiliates coincided with Quantum's resurgence in mid-2022, aligning with the timing of the IAD breach. The incident highlighted systemic vulnerabilities within the agency's IT infrastructure, including insufficient defensive measures and reliance on outdated security practices, exacerbating the operational and data integrity consequences of the encryption and theft.
