Report

A Detailed Analysis of the Quantum Ransomware

This report provides a technical analysis of Quantum ransomware, a rebrand of MountLocker discovered in August 2021, explaining how it stops targeted services and processes, spreads across Windows domains, local networks, and shared resources, and logs activity to a “.log” file while generating a client ID by XOR-encrypting the computer name. It details the encryption flow using ChaCha20 for file content, with keys protected through layered ChaCha20 and RSA-2048 encryption, and the “.quantum” file extension plus a “README_TO_DECRYPT.html” ransom note created in encrypted directories. The paper also documents operational parameters (e.g., /LOGIN, /PASSWORD, /NETWORK, /SHAREALL, /FAST, /TARGET, /NOKILL), persistence and self-deletion behavior, and ends with indicators of compromise including
