Threat Actor Profile

Quantum Spider

Quantum Spider, also known by aliases MountLocker, SunRiseLocker, and AstroLocker, is a Big Game Hunting (BGH) adversary first observed in August 2020. Operating as a Ransomware-as-a-Service (RaaS), this group employs double extortion tactics, encrypting files and threatening to leak sensitive data if ransoms are not paid.


Country of Origin

The exact country of origin for Quantum Spider is unknown. However, their operational patterns and infrastructure suggest potential ties to Eastern Europe, a common hub for ransomware groups.

Members

The group’s size is unknown, but it includes a core team of developers and a network of affiliates. Affiliates are responsible for initial compromises, data exfiltration, and ransomware deployment.

Leadership

No specific individuals or aliases have been publicly identified as leaders of Quantum Spider. The group operates under a decentralized RaaS model, with affiliates executing attacks.

Quantum Spider TTPs

Tactics

Quantum Spider targets large organizations, leveraging double extortion to maximize financial gain. They focus on industries like healthcare, finance, and government.


Techniques

The group uses phishing campaigns, exploits vulnerabilities in Remote Desktop Protocol (RDP) services, and employs tools such as Cobalt Strike Beacon for lateral movement.


Procedures

The group encrypts files using ChaCha20 and RSA-2048, exfiltrates sensitive data via FTP before encryption, and hosts Tor-based blogs to publicize stolen data and pressure victims.
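Because the data theft happens over FTP before any file is encrypted, outbound FTP volume is one of the few signals a defender can act on before the impact stage. The following script is an added illustration, not code from Huntress or from this profile: it parses a constructed, simplified firewall export (timestamp, source IP, destination IP, destination port, bytes out; the format and every IP address are invented for the example) and flags hosts that have pushed more than a tunable byte threshold to FTP ports. An allowlist lets sanctioned internal FTP servers be excluded.

```python
"""Flag hosts that push unusually large volumes to FTP servers.

Hypothetical detection logic written for this profile. The log format is a
constructed, simplified firewall export, not a real product's output.
"""
import re
from collections import defaultdict

# Constructed sample lines (not real telemetry):
# timestamp src_ip dst_ip dst_port bytes_out
SAMPLE_LOG = """\
2024-05-01T02:13:07Z 10.20.5.14 203.0.113.45 21 184320000
2024-05-01T02:13:09Z 10.20.5.14 203.0.113.45 21 92160000
2024-05-01T02:14:11Z 10.20.5.22 198.51.100.7 443 5120
2024-05-01T02:15:40Z 10.20.5.31 203.0.113.45 21 2048
2024-05-01T02:16:02Z 10.20.5.14 198.51.100.9 22 4096
malformed line that the parser must skip
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s+(\d+)$")
FTP_PORTS = {21, 990}                 # plain FTP control port and implicit FTPS
THRESHOLD_BYTES = 50 * 1024 * 1024    # 50 MiB per source host; assumed tuning value


def parse_log(text):
    """Yield (timestamp, src, dst, port, bytes_out); lines that don't match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, src, dst, port, nbytes = m.groups()
        yield ts, src, dst, int(port), int(nbytes)


def ftp_volume_by_source(records, allowlist=frozenset()):
    """Sum outbound bytes to FTP ports per source host, ignoring allowlisted servers."""
    totals = defaultdict(int)
    destinations = defaultdict(set)
    for _ts, src, dst, port, nbytes in records:
        if port not in FTP_PORTS or dst in allowlist:
            continue
        totals[src] += nbytes
        destinations[src].add(dst)
    return totals, destinations


def flag_ftp_exfil(text, threshold=THRESHOLD_BYTES, allowlist=frozenset()):
    """Return [(src, total_bytes, sorted destinations)] for hosts at or over threshold,
    largest volume first."""
    totals, dests = ftp_volume_by_source(parse_log(text), allowlist)
    hits = [(src, total, sorted(dests[src]))
            for src, total in totals.items() if total >= threshold]
    return sorted(hits, key=lambda h: h[1], reverse=True)


if __name__ == "__main__":
    for src, total, dsts in flag_ftp_exfil(SAMPLE_LOG):
        print(f"ALERT {src}: {total / 2**20:.1f} MiB sent to FTP servers {', '.join(dsts)}")
```

Run against the sample, only 10.20.5.14 is raised (about 264 MiB to 203.0.113.45); the 2 KiB transfer from 10.20.5.31 stays below threshold, and the HTTPS and SSH records are never counted. Tune the threshold per environment and populate the allowlist with known FTP servers so the rule stays quiet on legitimate traffic.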



Notable Cyberattacks

  • 2020: Emergence of MountLocker ransomware, targeting diverse industries with double extortion tactics.

  • 2021: Rebranding as Quantum ransomware, with a TOR-based victim blog.

  • 2022: High-profile attacks leveraging updated ransomware variants.

Law Enforcement & Arrests

No arrests or law enforcement actions have been publicly reported against Quantum Spider members.


How to Defend Against Quantum Spider

Preventive Measures: Regularly update software, employ multi-factor authentication, and conduct phishing awareness training.


Huntress solutions help protect organizations by monitoring endpoints, detecting post-exploitation techniques, and mitigating threats with 24/7 managed detection and response.

