Official forum for Utopia Community
Following a two-month hiatus, the threat actors behind the Monti ransomware have returned to attack targets in the legal and government sectors using a new Linux version of the encryptor.
In June 2022, weeks after the Conti ransomware group stopped operating, Monti appeared and purposefully imitated the strategies, tools, and leaked source code used by the latter. no longer.
Compared to its other Linux-based predecessors, the new version, according to Trend Micro, represents something of a departure.
According to Trend Micro researchers Nathaniel Morales and Joshua Paul Ignacio, "unlike the earlier variant, which is mainly based on the leaked Conti source code, this new version employs a different encryptor with additional distinct behaviors."
A BinDiff analysis has shown that while earlier iterations had a 99 percent similarity rate with Conti, the most recent version only has a 29 percent similarity rate, indicating a redesign.
The removal of the command-line arguments --size, --log, and --vmlist, as well as the addition of the "--whitelist" parameter, which instructs the locker to skip a list of virtual machines, are some of the most significant changes.
The Linux variant uses AES-256-CTR encryption rather than Salsa20 and solely relies on the file size for its encryption process. It is also designed to modify the motd (also known as message of the day) file to display the ransom note.
Malware called Monti.
Only the first 100,000 (0xFFFFF) bytes of files larger than 1.048 MB but smaller than 4.19 MB will be encrypted, whereas files larger than 4.19 MB may have some of their content locked depending on the results of a Shift Right operation.
The entire content of files with a size less than 1.048 MB will be encrypted.
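As an added incident-response example (not code from the post or from Trend Micro's report), the following helper maps a file's size to the encryption behaviour described above so that responders can tell which files may still have intact data past the encrypted prefix. The byte values assumed for "1.048 MB" and "4.19 MB", and the prefix length, are assumptions flagged in the code.

```python
"""Defender-side triage helper for the size-based partial encryption the post
describes. Added example, not Trend Micro's or the forum's code.

Assumptions not stated precisely in the post:
  - "1.048 MB" and "4.19 MB" are taken as 1 MiB and 4 MiB (2**20 and 2**22 bytes).
  - The mid-range prefix is 100,000 bytes; the post also cites 0xFFFFF
    (1,048,575), so it is a parameter here rather than a hard-coded fact.
  - Above 4 MiB the post only says the extent depends on a shift-right result,
    so the exact range is reported as unknown.
"""
from dataclasses import dataclass
from typing import Optional

MID_LOWER = 2**20      # assumed byte value of "1.048 MB"
MID_UPPER = 2**22      # assumed byte value of "4.19 MB"
MID_PREFIX = 100_000   # bytes encrypted for mid-sized files, per the post


@dataclass(frozen=True)
class Verdict:
    bucket: str                     # "small" | "mid" | "large"
    encrypted_bytes: Optional[int]  # None when the post gives no exact figure
    intact_after: Optional[int]     # bytes past the encrypted prefix that may survive


def expected_damage(size: int, prefix: int = MID_PREFIX) -> Verdict:
    """Map a file size to the encryption behaviour the post describes."""
    if size < 0:
        raise ValueError("size must be non-negative")
    if size < MID_LOWER:
        return Verdict("small", size, 0)          # whole file encrypted
    if size < MID_UPPER:
        enc = min(prefix, size)
        return Verdict("mid", enc, size - enc)    # only the prefix is hit
    return Verdict("large", None, None)           # extent not knowable from the post


def recovery_candidates(files: dict) -> list:
    """Names of files whose tail should be untouched, largest survivor first.
    `files` maps name -> size in bytes."""
    hits = [(expected_damage(s).intact_after or 0, n) for n, s in files.items()]
    return [n for left, n in sorted(hits, reverse=True) if left > 0]


# Constructed sample inventory (not real victim data).
SAMPLE_FILES = {
    "notes.txt": 512 * 1024,      # small: fully encrypted
    "db_export.csv": 3 * 2**20,   # mid: only the first 100,000 bytes hit
    "archive.tar": 6 * 2**20,     # large: extent unknown per the post
}
```

Call `recovery_candidates(SAMPLE_FILES)` to list files worth carving data from after the encrypted prefix.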
As evidenced by some similar functions, the threat actors who created Monti "likely employed portions of the Conti source code as a base for the new variant, but implemented significant changes to the code, especially to the encryption algorithm," the researchers wrote.
Additionally, by changing the code, Monti's operators are making it more difficult to detect and stop their malicious activities."
Well, all browsers and sites now have their own risks. I want to understand how to host my website on the Utopia p2p network, but I have not been able to learn how to do that.
No, not all browsers and sites have their own level of risk. While the internet as a whole carries inherent risks, the level of risk can vary depending on factors such as the browser's security features, the website's security protocols, and user behavior.
CrytoCynthia;21380 wrote: Well, all browsers and sites now have their own risks. I want to understand how to host my website on the Utopia p2p network, but I have not been able to learn how to do that.
Different browsers offer varying levels of security and privacy features. Some browsers have built-in security measures, such as sandboxing, pop-up blockers, and protection against malicious websites.
Vastextension;22198 wrote: CrytoCynthia;21380 wrote: Well, all browsers and sites now have their own risks. I want to understand how to host my website on the Utopia p2p network, but I have not been able to learn how to do that.
More secure browsers also prioritize regular updates to address emerging threats and vulnerabilities.
level;22199 wrote: Vastextension;22198 wrote: No, not all browsers and sites have their own level of risk. While the internet as a whole carries inherent risks, the level of risk can vary depending on factors such as the browser's security features, the website's security protocols, and user behavior.
Websites can also vary in terms of security depending on factors like encryption protocols, secure communication channels (HTTPS), and measures to protect user data.
IyaJJJ;22200 wrote: level;22199 wrote: Different browsers offer varying levels of security and privacy features. Some browsers have built-in security measures, such as sandboxing, pop-up blockers, and protection against malicious websites.
Well-maintained websites employ security practices, including vulnerability scanning, secure coding, and regular security audits.
joanna;22201 wrote: IyaJJJ;22200 wrote: More secure browsers also prioritize regular updates to address emerging threats and vulnerabilities.
A significant factor in online risk is user behavior. Engaging in unsafe practices such as visiting suspicious websites, clicking on unknown links, downloading files from untrusted sources, or sharing sensitive information with unsecure sites increases the likelihood of encountering risks.
Vastextension;22202 wrote: joanna;22201 wrote: Websites can also vary in terms of security depending on factors like encryption protocols, secure communication channels (HTTPS), and measures to protect user data.
It's important to note that while browsers and websites can provide security features, they cannot eliminate all online risks.
level;22203 wrote: Vastextension;22202 wrote: Well-maintained websites employ security practices, including vulnerability scanning, secure coding, and regular security audits.
Users must also be vigilant, follow best practices (such as using strong, unique passwords, enabling two-factor authentication, and keeping software up to date), and exercise caution while browsing the internet to mitigate potential risks.
IyaJJJ;22204 wrote: level;22203 wrote: A significant factor in online risk is user behavior. Engaging in unsafe practices such as visiting suspicious websites, clicking on unknown links, downloading files from untrusted sources, or sharing sensitive information with unsecure sites increases the likelihood of encountering risks.
Deliberately upgrading the system each and every time an upgrade is available will help keep up with the tech updates released by the host tech developer.
The return of Monti ransomware after a hiatus, targeting legal and government sectors with a new Linux version, showcases the adaptability and innovation of threat actors.
While initially imitating Conti's strategies and tools, Monti has evolved with a new version, indicating a departure from its predecessors. Monti's new version employs AES-256-CTR encryption, a departure from its previous use of Salsa20, indicating a continuous effort to enhance its encryption capabilities.
Last edited by Comrade (2024-05-15 17:27:34)
The new version of Monti ransomware modifies the motd file to display the ransom note and selectively encrypts files based on their size and content, showcasing a shift in behavior for increased effectiveness.
By altering code and reducing similarity with Conti, Monti's operators are effectively evading detection, making it more challenging for security systems to detect and mitigate their activities.
These execute larger forms of damage through the ability of attackers to gain administrator access to the management console, enabling them to monitor activities, upload files to ATMs, and reboot or shut them down entirely.
Please can help me manipulating or deletion of log files to hide malicious activities and cover the attacker's tracks. Potential use of compromised infrastructure as a pivot point for further attacks on the internet, increasing the scope and impact of the security breach.
After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecessor.
However, this latest variant showcases unique behaviors, signaling a departure from previous Linux-based iterations. Stay vigilant and ensure robust cybersecurity measures to mitigate the risk of infiltration.
Comrade;38212 wrote: After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecessor.
Recent reports from Trend Micro shed light on the resurgence of Monti ransomware, now leveraging a distinct Linux variant to infiltrate organizations within the legal and government sectors. Unlike its predecessors, which heavily relied on leaked Conti source code, this latest iteration introduces a novel encryptor with additional functionalities.
gap;38213 wrote: Comrade;38212 wrote: After a brief hiatus, the Monti ransomware group has returned, targeting legal and government sectors with a new Linux version of their encryptor. This resurgence follows closely after the cessation of Conti ransomware activities in June 2022, with Monti adopting similar strategies and tools to its predecessor.
Security experts Nathaniel Morales and Joshua Paul Ignacio emphasize the importance of staying updated on emerging threats and reinforcing cybersecurity defenses to thwart Monti's evolving tactics.
Profile Information Leakage Disadvantage. Allows unauthenticated users to view profile data, including user login names and encrypted passwords, facilitating unauthorized access and potential misuse of sensitive information.