Monti, the New Conti : Ransomware Gang Uses Recycled Code

upnorth

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 27, 2015
5,394
Analysts have discovered a ransomware campaign from a new group called "Monti," which relies almost entirely on leaked Conti code to launch attacks.

The Monti group emerged with a round of ransomware attacks over the Independence Day weekend, and was able to successfully exploit the Log4Shell vulnerability to encrypt 20 BlackBerry user hosts and 20 servers, BlackBerry's Research and Intelligence Team reported. After further analysis, researchers discovered that the indicators of compromise (IoCs) for the new ransomware attacks were the same as in previous Conti ransomware attacks, with one twist: Monti incorporates the Acrion 1 Remote Monitoring and Maintenance (RMM) Agent. But rather than being Conti reborn, the researchers said they believe Monti lifted Conti's infrastructure when it was leaked last spring, during February and March.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top