Is Monti Ransomware Conti’s Successor or a Lookalike?
The notorious Conti ransomware gang has remained fairly quiet since its source code, internal chats, and other sensitive information leaked in February. Now security companies are wondering if the new Monti ransomware is a successor to Conti or just copying the gang’s playbook.
Intel471 and BlackBerry separately published their research on Monti on September 7, but the ransomware was discovered and disclosed by MalwareHunterTeam on Twitter on June 30.
Intel471 says Monti “could be a rebranding of Conti or just a new ransomware variant that was developed using leaked source code” released in February. It does not appear that Monti was active enough for the security company to determine its relationship with Conti.
BlackBerry seems more confident in its assessment: because Conti’s February leaks “effectively gave Monti threat actors a step-by-step guide to emulating Conti’s notoriously successful activities”, Monti is a copycat rather than a true successor to its namesake.
“Although the activity of the Monti group itself appears to have been short-lived, we can learn more from its imitation techniques,” says BlackBerry. “As more Ransomware-as-a-Service (RaaS) solution builders and source code are leaked, either publicly or privately, we may continue to see these look-alike ransomware groups proliferate.”
Monti’s relationship with Conti is curious, of course, but that may not mean much to the organizations targeted by the ransomware gang. Most people don’t ask to see a family tree when they get punched in the face; these kinds of questions are usually asked when the attack is over.
It’s unclear if Monti is done throwing punches. “Whether Conti is rebranded as Monti, in a bid to poke fun at the old strain, or whether it’s just another new ransomware variant on the block,” Intel471 says, “it’s likely we’ll continue to see this new variant impact businesses around the world.”