Security News > 2023 > August > Monti Ransomware Returns with New Linux Variant and Enhanced Evasion Tactics

The threat actors behind the Monti ransomware have resurfaced after a two-month break with a new Linux version of the encryptor in its attacks targeting government and legal sectors.

Monti emerged in June 2022, weeks after the Conti ransomware group shut down its operations, deliberately imitating the tactics and tools associated with the latter, including its leaked source code.

The new version, per Trend Micro, is a departure of sorts, exhibiting significant changes from its other Linux-based predecessors.

"Unlike the earlier variant, which is primarily based on the leaked Conti source code, this new version employs a different encryptor with additional distinct behaviors," Trend Micro researchers Nathaniel Morales and Joshua Paul Ignacio said.

The Linux variant is also designed to tamper with the motd file to display the ransom note, employ AES-256-CTR encryption instead of Salsa20, and solely rely on the file size for its encryption process.

"It's likely that the threat actors behind Monti still employed parts of the Conti source code as the base for the new variant, as evidenced by some similar functions, but implemented significant changes to the code - especially to the encryption algorithm," the researchers said.

News URL

https://thehackernews.com/2023/08/monti-ransomware-returns-with-new-linux.html