Monti

Malware Profile Updated 25 days ago
Monti is a Linux ransomware family that first gained attention in 2022, following the collapse of the Conti ransomware group. Monti repurposed Conti's leaked source code and mimicked Conti's tactics to establish itself. Like Royal, Black Basta, LockBit, RTM Locker, Qilin, ESXiArgs and Akira, it specifically targets victims' VMware ESXi servers. During encryption, Monti writes debug files (work.log and result.txt) that record its execution and encryption process.

The Monti ransomware group has been involved in several high-profile attacks. It recently claimed responsibility for an attack on Diablo Valley Oncology, adding the healthcare provider to its growing list of victims. This was not the first significant institution Monti has targeted, which indicates a preference for high-value targets. The group has also been linked to retaliatory attacks: Monti accused a hacker known as D#NUT of stealing $100,000 and not fulfilling the terms of a deal, and carried out a revenge hack in March 2023.

Monti's connections to other ransomware groups are complex and interwoven. Matveev, who held a management-level role in the Babuk ransomware group until early 2022, has been associated with Monti. Matveev was also affiliated with multiple other ransomware groups, including Conti, LockBit, Hive, Trigona and NoEscape, and shared a "complex relationship" with Dudka, who is likely the developer behind both Babuk and Monti. These associations illustrate the intricate network within the cybercrime ecosystem.
Possible Aliases / Cluster overlaps
Cluster overlaps and naming conventions between vendors are hard to track, so the following overlapping names / profiles may also be worth reviewing.
Conti (5 votes): Conti is a type of malware, specifically ransomware, that infiltrates systems to exploit and damage them, often stealing personal information or disrupting operations. This malicious software has been used in conjunction with other forms of malware such as Trickbot, BazarLoader, IcedID, and Cobalt S
Miscellaneous Associations
Other elements of context that may help in assessing relevance:
Ransomware
Linux
Windows
Encryption
Malware
Ransom
Data Leak
Vulnerability
Esxi
Fortiguard
Encrypt
Associated Malware
Lockbit (type: Unspecified, 2 votes): LockBit is a malicious software, or malware, that has been significantly active in recent years. It is designed to infiltrate systems and cause significant damage by stealing sensitive information, disrupting operations, and holding data hostage for ransom. In 2023, security firm Rapid7 named LockBi
Associated Threat Actors
Conti Team (type: is related to, 2 votes): The Conti team, a threat actor group known for its malicious activities in the cyber realm, has seen significant developments and transformations over recent years. In September 2022, a splinter group from Conti Team One resurfaced under the name Royal Ransomware, conducting callback phishing attack
Associated Vulnerabilities
No associations to display.
Source Document References
Information about the Monti malware was read from the document corpus below. This display is limited to 20 results.

Source, created at, title:
Trend Micro, 9 months ago: Monti Ransomware Unleashes a New Encryptor for Linux
Fortinet, a year ago: Ransomware Roundup – Monti, BlackHunt, and Putin Ransomware | FortiGuard Labs
CERT-EU, a year ago: Action1 RMM Seen Abused In Ransomware Attacks
CERT-EU, 9 months ago: Monti Ransomware's Linux Variant Attacks the Financial & Healthcare Industries
Securityaffairs, 9 months ago: Monti Ransomware gang launched a new Linux encryptor
CERT-EU, 9 months ago: Monti Returns From 2-Month Break with Revamped Ransomware Variant
Checkpoint, 6 months ago: The Platform Matters: A Comparative Study on Linux and Windows Ransomware Attacks - Check Point Research
BankInfoSecurity, 9 months ago: Monti Ransomware Deploying New Linux Encryptor
CERT-EU, 8 months ago: New Zealand university operating despite cyberattack
CERT-EU, 9 months ago: New VMware ESXi server attacks launched by Monti ransomware
CERT-EU, 5 months ago: Diablo Valley Oncology Cyberattack Claimed By Monti Group | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware | National Cyber Security Consulting
Securityaffairs, 9 months ago: Security Affairs newsletter Round 433 by Pierluigi Paganini
CERT-EU, 9 months ago: Leftover Links 15/08/2023: Chinese Sanctions, OpenAI Bankrupcy Expected by 2024
CERT-EU, 9 months ago: The latest cyberattacks (22 August 2023) • Cybersecurity
CERT-EU, a year ago: Links 20/03/2023: Amazon Linux 2023 and Linux Kernel 6.3 RC3
Checkpoint, 8 months ago: 25th September – Threat Intelligence Report - Check Point Research
CERT-EU, 7 months ago: State-sponsored attacks cede to financial scams in 2023, NCSC reports
CERT-EU, 6 months ago: University Of Wollongong Data Breach Confirmed
CERT-EU, 4 months ago: VMware confirms critical vCenter flaw now exploited in attacks
Checkpoint, 9 months ago: 21st August – Threat Intelligence Report - Check Point Research