"Monti, the New Conti: Ransomware Gang Uses Recycled Code"

Analysts have discovered a ransomware campaign from a new group called "Monti," which launches attacks using leaked Conti code almost entirely. The Monti group launched ransomware attacks over the Independence Day weekend, successfully exploiting the Log4Shell vulnerability to encrypt 20 BlackBerry user hosts and 20 servers, according to BlackBerry's Research and Intelligence Team. Researchers discovered that the indicators of compromise (IoCs) for the new ransomware attacks were the same as in previous Conti ransomware attacks, with one difference: Monti includes the Acrion 1 Remote Monitoring and Maintenance (RMM) Agent. The team believes Monti lifted Conti's infrastructure when it was leaked last spring, during February and March, rather than being Conti reborn. This article continues to discuss Monti's use of leaked Conti code, TTPs, and infrastructure approaches to carry out its own ransomware campaign. 

Dark Reading reports "Monti, the New Conti: Ransomware Gang Uses Recycled Code"