Monti Ransomware

By CagedTech in Ransomware

Translate To:

The Monti Ransomware is a data-encryption malware created by cybercriminals to lock the files of their victims. Analysis of the threat has revealed that it is almost entirely identical to the infamous CONTI Ransomware. In early 2022, the CONTI Ransomware operations suffered a massive data breach, which resulted in their hacking tools, source code, and operational data becoming freely available to the public. In essence, wannabe cybercriminals now had a detailed plan on how to conduct ransomware attacks.

Even though it is just a variant, Monti's encryption process is strong enough to prevent the restoration of the impacted files without assistance from the attackers. The threat will generate a random 5-character string and append it to the names of all encrypted files on the breached device. Victims also will notice that a text file named 'readme.txt' has been created on the infected systems.

Inside the file is a ransom note detailing the demands of the attackers. The message reveals that the cybercriminals are mainly targeting corporate entities. They also claim to collect sensitive data that is used as additional extortion leverage against the victims. The hackers threaten to start publishing the victim's information on a dedicated leak site. The only way to contact the group is via their website hosted on the TOR network.

The full text of the threat's ransom note is:

'All of your files are currently encrypted by MONTI strain. If you don't know who we are - just "Google it."
As you already know, all of your data has been encrypted by our software.
It cannot be recovered by any means without contacting our team directly.
DON'T TRY TO RECOVER your data by yourselves. Any attempt to recover your data (including the usage of the additional recovery software) can damage your files. However,
if you want to try - we recommend choosing the data of the lowest value.
DON'T TRY TO IGNORE us. We've downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond.
So it will be better for both sides if you contact us as soon as possible.
DON'T TRY TO CONTACT feds or any recovery companies.
We have our informants in these structures, so any of your complaints will be immediately directed to us.
So if you will hire any recovery company for negotiations or send requests to the police/FBI/investigators, we will consider this as a hostile intent and initiate the publication of whole compromised data immediately.
To prove that we REALLY CAN get your data back - we offer you to decrypt two random files completely free of charge.
You can contact our team directly for further instructions through our website :
TOR VERSION :
(you should download and install TOR browser first hxxps://torproject.org)
YOU SHOULD BE AWARE!
We will speak only with an authorized person. It can be the CEO, top management, etc.
In case you are not such a person - DON'T CONTACT US! Your decisions and action can result in serious harm to your company!
Inform your supervisors and stay calm!'

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Monti Ransomware

Submit Comment

Related Posts

Montiera Toolbar

Trending

Safe Search Eng

Findtheirreport.com

MarioLocker Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen