Dominican Republic refuses to pay ransom after attack on agrarian institute
Jonathan Greig August 26, 2022

The government of the Dominican Republic has said it will not pay a ransomware group that has crippled the IT services of an agrarian institute. 

The National Cybersecurity Center (CNCS) of the Caribbean nation said it is in the process of helping the Dominican Agrarian Institute (IAD) as it recovers from a ransomware attack. IAD is in charge of managing the country’s farming reforms and is within the Ministry of Agriculture. 

The director of technology of IAD told a local news outlet that they were threatened with a $600,000 ransom demand last Thursday and were facing the encryption of four physical servers and eight virtual servers. 

“The information was totally compromised, because the databases, applications, emails, etc., were affected,” an IAD spokesperson said. 

They added that the institute handles many titles, title deeds, provisional titles, cadastral surveys and more. Payroll systems were not affected by the attack, according to the spokesperson.

Juan Gabriel Gautreaux, director of the CNCS, said the response is being handled by his office as well as the National Cyber Incident Response Team and the Government Office of Information Technology and Communications.

Gautreaux said the Dominican State “is not contemplating the payment of ransoms” as a way to “reduce the interest and motivation of attackers to this type of action.”

He added that progress is being made on reinforcing the cybersecurity measures around a number of government ministries. 

In total, Nuñez said there were 23 infected computers and the network remained disconnected this week. Gautreaux and others have worked to install a continuous monitoring tool to check if the ransomware attack is spreading. 

They recommended employees not connect their equipment to the internet, especially if they do not have security software. According to Hoy.com, CNCS told the IAD that the IP addresses — which are often obfuscated — came from the U.S. and Russia.

Bleeping Computer reported that the Quantum ransomware group took credit for the attack and several cybersecurity experts confirmed that fact to The Record. Two weeks ago, cybersecurity firm Dragos said Quantum was responsible for 7% of the total ransomware attacks the company saw against operational systems in Q2. 

The group was recently named as the culprit behind a brazen attack on a medical debt collection company that caused a widespread data breach affecting 657 healthcare organizations.

Josh Rickard, senior security automation architect at Swimlane, noted that the attack on IAD follows a similar strike last week on Argentina’s Judiciary of Córdoba, which caused the Judiciary to shut down IT systems and their online portal. 

“Unfortunately, government organizations have become increasingly popular targets for cybercriminal groups who seek to exploit agencies’ wealth of sensitive information,” he said. “The IAD only had basic cybersecurity measures in place and no designated security department, making it an easy target for Quantum.”

The attack on the Dominican Republic comes amid a wave of high-profile ransomware incidents across Latin America and the Caribbean. 

The largest supermarket chain in Trinidad struggled to recover from a cyberattack that caused outages at all of its locations throughout the country in May, while hackers took control of the Twitter account of Brazilian retail giant Fast Shop in June.

Ransomware groups targeted the Secretary of State for Finance of Rio de Janeiro in April and crippled the government of Costa Rica in May. 

UPDATE 9/2/2022: The Quantum ransomware group took credit for the attack on the Dominican Republic, adding the agrarian institute to its list of victims.

The group claimed it stole about 1.1 TB of data.

Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.