
Monti Ransomware Deploying New Linux Encryptor

More Ransomware Groups Targeting Linux Systems

A ransomware campaign by the recently emerged Monti ransomware group is targeting victims with a new Linux variant of its malware. The threat group is the latest in a growing number of ransomware groups finding profit in going after Linux infrastructure.


Researchers at Trend Micro said the threat group is now deploying a Linux encryptor to target victims in legal and government sectors. Although the group has previously deployed Linux variants, the new encryptor comes with advanced evasion capabilities that make it harder to detect, the researchers said.

Monti was first identified in 2022. Its techniques and procedures largely mirror those of the now-defunct Conti ransomware group. Trend Micro researchers said this is because the group may have developed its toolkit based on Conti's leaked source code (see: Conti Ransomware Group Retires Name After Creating Spinoffs).

Capabilities of the new Linux encryptor include intermittent encryption based on file size and the ability to terminate virtual machines on the system, allowing the hackers to evade detection.

"It's likely that the threat actors behind Monti still employed parts of the Conti source code," the Trend Micro researchers said. "By altering the code, Monti's operators made their malicious activities even more challenging to identify and mitigate."

Monti is among an increasing number of ransomware groups that have tweaked their malware infrastructure to target Linux servers and operating systems. Eight in 10 web servers run on Linux. While the number of ransomware groups using Linux variants stood at 118 in the first half quarter of 2022, it increased fourfold in 2023, a recent report from security firm Recorded Future found.


About the Author

Akshaya Asokan


Senior Correspondent, ISMG

Asokan is a U.K.-based senior correspondent for Information Security Media Group's global news desk. She previously worked with IDG and other publications, reporting on developments in technology, minority rights and education.



