uTalk

Official forum for Utopia Community

You are not logged in.

#1 2023-08-15 22:43:15

thrive
Member
Registered: 2023-01-04
Posts: 2,575

Return of Monti Ransomware with New Linux Variant and Improved Evasion

Following a two-month hiatus, the threat actors behind the Monti ransomware have returned to attack targets in the legal and government sectors using a new Linux version of the encryptor.

In June 2022, weeks after the Conti ransomware group stopped operating, Monti appeared and purposefully imitated the strategies, tools, and leaked source code used by the latter. no longer.

Compared to its other Linux-based predecessors, the new version, according to Trend Micro, represents something of a departure.

According to Trend Micro researchers Nathaniel Morales and Joshua Paul Ignacio, "unlike the earlier variant, which is mainly based on the leaked Conti source code, this new version employs a different encryptor with additional distinct behaviors.".

A BinDiff analysis has shown that while earlier iterations had a 99 percent similarity rate with Conti, the most recent version only has a 29 percent similarity rate, indicating a redesign.

The removal of the command-line arguments --size, --log, and --vmlist, as well as the addition of the "--whitelist" parameter, which instructs the locker to skip a list of virtual machines, are some of the most significant changes.

The Linux variant uses AES-256-CTR encryption rather than Salsa20 and solely relies on the file size for its encryption process. It is also designed to modify the motd (also known as message of the day) file to display the ransom note.


Malware called Monti.

The first 100,000 (0xFFFFF) bytes of files larger than 1.048 MB but smaller than 4.19 MB will only be encrypted, whereas files larger than 4.19 MB may have some of their content locked depending on the results of a Shift Right operation.

The entire content of files with a size less than 1.048 MB will be encrypted.

As evidenced by some similar functions, the threat actors who created Monti "likely employed portions of the Conti source code as a base for the new variant, but implemented significant changes to the code, especially to the encryption algorithm," the researchers wrote.

Additionally, by changing the code, Monti's operators are making it more difficult to detect and stop their malicious activities. ".

Offline

#2 2023-09-04 17:50:06

CrytoCynthia
Member
Registered: 2022-11-19
Posts: 3,193

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Well all browsers and sites now has its own risk I want to understand how to host my website on Utopia p2p network but I have not been able to learn how to do that

Offline

#3 2023-09-19 21:07:05

Vastextension
Member
Registered: 2022-11-19
Posts: 2,701

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

CrytoCynthia;21380 wrote:

Well all browsers and sites now has its own risk I want to understand how to host my website on Utopia p2p network but I have not been able to learn how to do that

No, not all browsers and sites have own level of risk. While the internet as a whole carries inherent risks, the level of risk can vary depending on factors such as the browser's security features, the website's security protocols, and user behavior.

Offline

#4 2023-09-19 21:07:46

level
Member
Registered: 2023-01-19
Posts: 1,844

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Vastextension;22198 wrote:
CrytoCynthia;21380 wrote:

Well all browsers and sites now has its own risk I want to understand how to host my website on Utopia p2p network but I have not been able to learn how to do that

No, not all browsers and sites have own level of risk. While the internet as a whole carries inherent risks, the level of risk can vary depending on factors such as the browser's security features, the website's security protocols, and user behavior.

Different browsers offer varying levels of security and privacy features. Some browsers have built-in security measures, such as sandboxing, pop-up blockers, and protection against malicious websites.

Offline

#5 2023-09-19 21:08:08

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

level;22199 wrote:
Vastextension;22198 wrote:
CrytoCynthia;21380 wrote:

Well all browsers and sites now has its own risk I want to understand how to host my website on Utopia p2p network but I have not been able to learn how to do that

No, not all browsers and sites have own level of risk. While the internet as a whole carries inherent risks, the level of risk can vary depending on factors such as the browser's security features, the website's security protocols, and user behavior.

Different browsers offer varying levels of security and privacy features. Some browsers have built-in security measures, such as sandboxing, pop-up blockers, and protection against malicious websites.

More secure browsers also prioritize regular updates to address emerging threats and vulnerabilities.

Offline

#6 2023-09-19 21:09:23

joanna
Member
Registered: 2023-01-10
Posts: 3,896

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

IyaJJJ;22200 wrote:
level;22199 wrote:
Vastextension;22198 wrote:

No, not all browsers and sites have own level of risk. While the internet as a whole carries inherent risks, the level of risk can vary depending on factors such as the browser's security features, the website's security protocols, and user behavior.

Different browsers offer varying levels of security and privacy features. Some browsers have built-in security measures, such as sandboxing, pop-up blockers, and protection against malicious websites.

More secure browsers also prioritize regular updates to address emerging threats and vulnerabilities.

Websites can also vary in terms of security depending on factors like encryption protocols, secure communication channels (HTTPS), and measures to protect user data.

Offline

#7 2023-09-19 21:09:59

Vastextension
Member
Registered: 2022-11-19
Posts: 2,701

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

joanna;22201 wrote:
IyaJJJ;22200 wrote:
level;22199 wrote:

Different browsers offer varying levels of security and privacy features. Some browsers have built-in security measures, such as sandboxing, pop-up blockers, and protection against malicious websites.

More secure browsers also prioritize regular updates to address emerging threats and vulnerabilities.

Websites can also vary in terms of security depending on factors like encryption protocols, secure communication channels (HTTPS), and measures to protect user data.

Well-maintained websites employ security practices, including vulnerability scanning, secure coding, and regular security audits.

Offline

#8 2023-09-19 21:10:31

level
Member
Registered: 2023-01-19
Posts: 1,844

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Vastextension;22202 wrote:
joanna;22201 wrote:
IyaJJJ;22200 wrote:

More secure browsers also prioritize regular updates to address emerging threats and vulnerabilities.

Websites can also vary in terms of security depending on factors like encryption protocols, secure communication channels (HTTPS), and measures to protect user data.

Well-maintained websites employ security practices, including vulnerability scanning, secure coding, and regular security audits.

A significant factor in online risk is user behavior. Engaging in unsafe practices such as visiting suspicious websites, clicking on unknown links, downloading files from untrusted sources, or sharing sensitive information with unsecure sites increases the likelihood of encountering risks.

Offline

#9 2023-09-19 21:11:04

IyaJJJ
Member
Registered: 2023-01-25
Posts: 2,082

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

level;22203 wrote:
Vastextension;22202 wrote:
joanna;22201 wrote:

Websites can also vary in terms of security depending on factors like encryption protocols, secure communication channels (HTTPS), and measures to protect user data.

Well-maintained websites employ security practices, including vulnerability scanning, secure coding, and regular security audits.

A significant factor in online risk is user behavior. Engaging in unsafe practices such as visiting suspicious websites, clicking on unknown links, downloading files from untrusted sources, or sharing sensitive information with unsecure sites increases the likelihood of encountering risks.

It's important to note that while browsers and websites can provide security features, they cannot eliminate all online risks.

Offline

#10 2023-09-19 21:11:24

Vastextension
Member
Registered: 2022-11-19
Posts: 2,701

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

IyaJJJ;22204 wrote:
level;22203 wrote:
Vastextension;22202 wrote:

Well-maintained websites employ security practices, including vulnerability scanning, secure coding, and regular security audits.

A significant factor in online risk is user behavior. Engaging in unsafe practices such as visiting suspicious websites, clicking on unknown links, downloading files from untrusted sources, or sharing sensitive information with unsecure sites increases the likelihood of encountering risks.

It's important to note that while browsers and websites can provide security features, they cannot eliminate all online risks.

Users must also be vigilant, follow best practices (such as using strong, unique passwords, enabling two-factor authentication, and keeping software up to date), and exercise caution while browsing the internet to mitigate potential risks.

Offline

#11 2023-11-01 19:34:54

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Vastextension;22205 wrote:
IyaJJJ;22204 wrote:
level;22203 wrote:

A significant factor in online risk is user behavior. Engaging in unsafe practices such as visiting suspicious websites, clicking on unknown links, downloading files from untrusted sources, or sharing sensitive information with unsecure sites increases the likelihood of encountering risks.

It's important to note that while browsers and websites can provide security features, they cannot eliminate all online risks.

Users must also be vigilant, follow best practices (such as using strong, unique passwords, enabling two-factor authentication, and keeping software up to date), and exercise caution while browsing the internet to mitigate potential risks.

The deliberate practice of upgrades of system each and every time available will help to meet up with the tech updates availability from host tech developer

Offline

#12 2024-05-15 17:25:56

crpuusd
Member
From: Blockchain
Registered: 2022-12-13
Posts: 2,411

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

The return of Monti ransomware after a hiatus, targeting legal and government sectors with a new Linux version, showcases the adaptability and innovation of threat actors.

Offline

#13 2024-05-15 17:27:09

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

crpuusd;35537 wrote:

The return of Monti ransomware after a hiatus, targeting legal and government sectors with a new Linux version, showcases the adaptability and innovation of threat actors.

While initially imitating Conti's strategies and tools, Monti has evolved with a new version, indicating a departure from its predecessors. Monti's new version employs AES-256-CTR encryption, a departure from its previous use of Salsa20, indicating a continuous effort to enhance its encryption capabilities.

Last edited by Comrade (2024-05-15 17:27:34)

Offline

#14 2024-05-15 17:28:48

Europ
Member
Registered: 2023-05-23
Posts: 2,186

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

The new version of Monti ransomware modifies the motd file to display the ransom note and selectively encrypts files based on their size and content, showcasing a shift in behavior for increased effectiveness.

Offline

#15 2024-05-15 17:30:13

gap
Member
Registered: 2023-06-14
Posts: 1,925

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

By altering code and reducing similarity with Conti, Monti's operators are effectively evading detection, making it more challenging for security systems to detect and mitigate their activities.

Offline

#16 2024-05-15 17:40:49

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

These are execute a larger forms of damage by Ability for attackers to gain administrator access to the management console, enabling them to monitor activities, upload files to ATMs, reboot or shut them down entirely.

Offline

#17 2024-05-15 17:43:07

crpuusd
Member
From: Blockchain
Registered: 2022-12-13
Posts: 2,411

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Please can help me manipulating or deletion of log files to hide malicious activities and cover the attacker's tracks.Potential use of compromised infrastructure as a pivot point for further attacks on the internet, increasing the scope and impact of the security breach.

Offline

#18 2024-06-19 09:44:02

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecesso

Offline

#19 2024-06-19 09:45:07

gap
Member
Registered: 2023-06-14
Posts: 1,925

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Comrade;38212 wrote:

After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecesso

However, this latest variant showcases unique behaviors, signaling a departure from previous Linux-based iterations. Stay vigilant and ensure robust cybersecurity measures to mitigate the risk of infiltration.

Offline

#20 2024-06-19 09:46:14

crpuusd
Member
From: Blockchain
Registered: 2022-12-13
Posts: 2,411

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

gap;38213 wrote:
Comrade;38212 wrote:

After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecesso

However, this latest variant showcases unique behaviors, signaling a departure from previous Linux-based iterations. Stay vigilant and ensure robust cybersecurity measures to mitigate the risk of infiltration.

Recent reports from Trend Micro shed light on the resurgence of Monti ransomware, now leveraging a distinct Linux variant to infiltrate organizations within the legal and government sectors. Unlike its predecessors, which heavily relied on leaked Conti source code, this latest iteration introduces a novel encryptor with additional functionalities.

Offline

#21 2024-06-19 09:49:00

Europ
Member
Registered: 2023-05-23
Posts: 2,186

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

crpuusd;38214 wrote:
gap;38213 wrote:
Comrade;38212 wrote:

After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecesso

However, this latest variant showcases unique behaviors, signaling a departure from previous Linux-based iterations. Stay vigilant and ensure robust cybersecurity measures to mitigate the risk of infiltration.

Recent reports from Trend Micro shed light on the resurgence of Monti ransomware, now leveraging a distinct Linux variant to infiltrate organizations within the legal and government sectors. Unlike its predecessors, which heavily relied on leaked Conti source code, this latest iteration introduces a novel encryptor with additional functionalities.

Security experts Nathaniel Morales and Joshua Paul Ignacio emphasize the importance of staying updated on emerging threats and reinforcing cybersecurity defenses to thwart Monti's evolving tactics.

Offline

#22 2024-06-19 10:25:05

crpuusd
Member
From: Blockchain
Registered: 2022-12-13
Posts: 2,411

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Security experts Nathaniel Morales and Joshua Paul Ignacio emphasize the importance of staying updated on emerging threats and reinforcing cybersecurity defenses to thwart Monti's evolving tactics.

Offline

#23 2024-06-19 10:30:39

Comrade
Member
From: Utopia App Client
Registered: 2022-12-30
Posts: 2,385

Re: Return of Monti Ransomware with New Linux Variant and Improved Evasion

Profile Information Leakage Disadvantage. Allows unauthenticated users to view profile data, including user login names and encrypted passwords, facilitating unauthorized access and potential misuse of sensitive information.

Offline

Board footer

Powered by FluxBB