Analysts have found a ransomware marketing campaign from a brand new group known as “Monti,” which depends virtually totally on leaked Conti code to launch assaults.
The Monti group emerged with a spherical of ransomware assaults over the Independence Day weekend, and was in a position to efficiently exploit the Log4Shell vulnerability to encrypt 20 BlackBerry person hosts and 20 servers, BlackBerry’s Analysis and Intelligence Group reported.
After additional evaluation, researchers found that the symptoms of compromise (IoCs) for the brand new ransomware assaults had been the identical as in earlier Conti ransomware assaults, with one twist: Monti incorporates the Acrion 1 Distant Monitoring and Upkeep (RMM) Agent.
However somewhat than being Conti reborn, the researchers mentioned they consider Monti lifted Conti’s infrastructure when it was leaked final spring, throughout February and March.
“As further ransomware-as-a-service (RaaS) answer builders and supply code change into leaked, both publicly or privately, we may proceed to see these doppelganger-like ransomware teams proliferate,” the BlackBerry workforce added. “Common familiarity with the TTPs [tactics, techniques and procedures) of known groups can help us identify any unique traits of these lookalike crews.”
