Analysts have found a ransomware marketing campaign from a brand new group known as “Monti,” which depends virtually fully on leaked Conti code to launch assaults.
The Monti group emerged with a spherical of ransomware assaults over the Independence Day weekend, and was capable of efficiently exploit the Log4Shell vulnerability to encrypt 20 BlackBerry person hosts and 20 servers, BlackBerry’s Analysis and Intelligence Group reported.
After additional evaluation, researchers found that the symptoms of compromise (IoCs) for the brand new ransomware assaults had been the identical as in earlier Conti ransomware assaults, with one twist: Monti incorporates the Acrion 1 Distant Monitoring and Upkeep (RMM) Agent.
“As further ransomware-as-a-service (RaaS) answer builders and supply code grow to be leaked, both publicly or privately, we might proceed to see these doppelganger-like ransomware teams proliferate,” the BlackBerry workforce added. “Basic familiarity with the TTPs [tactics, techniques and procedures) of known groups can help us identify any unique traits of these lookalike crews.”