There has been a wave of attacks by the Quantum group targeting several different companies. Small, medium and large companies have been targeted. In this case a large river logistics company in Argentina was the victim.
The hackers most likely found a way into the system through emails sent to employees. Once the malware was inside the environment, the criminals encrypted the data, leaving the files with the Quantum extension. They then demanded a ransom of $100,000.
Paying the amount requested by the hackers was not an option. It had been two weeks since the day of the attack.
After trying to recover the data in a few ways, the company took stock of the situation and decided to look for outside help. After some time searching, they found us and contacted us by phone.
After the first contact with our team, we identified the main points of the project and then performed the advanced diagnosis.
A total of 15 Hyper-V virtual machines and the entire backup server (Veeam) had been infected, paralyzing all of the company's administrative and operational processes for 2 weeks, mainly in the HR and financial sectors.
The result of the diagnosis gave us an optimistic view of the project: there was a possibility of decrypting the files, and our specialists were able to do this.
With the customer’s authorization, we then started the recovery process. Even after accepting the commercial proposal, the customer seemed suspicious, which is understandable given the large volume of data involved in the project.
To give the customer confidence, we did what we usually do in our projects: we established a series of checkpoints and used them to report each advance in the project in real time. Organizing things in this way eased the client’s fears and concerns.
The recovery went as planned and our team was able to decrypt 100% of the files encrypted by the ransomware. In total, we recovered data from 15 virtual machines and restored the Veeam backup present in the environment.
The client was able to resume its activities quickly after our intervention. Without RansomHunter’s support, one of the largest river logistics companies in Latin America would have had its image completely tarnished by these events, not to mention the repercussions from its own clients due to the loss of sensitive data.
To negotiate with hackers is to negotiate with criminals. At RansomHunter we decrypt ransomware files without negotiating with hackers. We helped a large company turn its situation around, and we can help you too.