Analysts have discovered a ransomware campaign from a new group referred to as "Monti," which relies almost entirely on leaked Conti code to launch attacks.
The Monti group emerged with a round of ransomware attacks over the Independence Day weekend, and was able to successfully exploit the Log4Shell vulnerability to encrypt 20 BlackBerry user hosts and 20 servers, BlackBerry's Research and Intelligence Team reported.
After further analysis, researchers found that the indicators of compromise (IoCs) for the new ransomware attacks were the same as in earlier Conti ransomware attacks, with one twist: Monti incorporates the Action1 Remote Monitoring and Maintenance (RMM) Agent.
But rather than being Conti reborn, the researchers said they believe Monti lifted Conti's infrastructure when it was leaked last spring, during February and March.
"As additional ransomware-as-a-service (RaaS) solution developers and source code become leaked, either publicly or privately, we may continue to see these doppelganger-like ransomware groups proliferate," the BlackBerry team added. "General familiarity with the TTPs [tactics, techniques and procedures] of known groups can help us identify any unique traits of these lookalike crews."