The Monti ransomware group, known for imitating the tactics and tools of the Conti ransomware group, has resurfaced after a two-month hiatus with a new Linux version of its encryptor. This version differs significantly from the group's earlier Linux-based variants and has a lower similarity rate to Conti. The new variant's features include a '--whitelist' parameter to skip virtual machines, the removal of certain command-line arguments, tampering with the motd file to display the ransom note, and the use of AES-256-CTR encryption instead of Salsa20. The encryption process also varies based on file size, with files larger than 1.048 MB but smaller than 4.19 MB having only a portion of their content encrypted. The Monti group likely used parts of the Conti source code as a base but made significant changes, making its activity harder to detect and mitigate.