Ransomware Group

Monti

Also known as: Monti Locker

Status: active • First seen 2022-06 • 100+ known victims

When the Conti ransomware gang fell apart, their code was leaked online. Monti grabbed that code and started their own operation, attacking both Windows computers and Linux servers that run virtual machines.

Overview

Monti emerged after the Conti leaks and appears to reuse significant portions of Conti source code. The group has developed both Windows and Linux variants, targeting VMware ESXi environments.

Target Industries

Legal, Government, Financial, Healthcare

How They Attack

  • Conti code reuse
  • VMware ESXi exploitation
  • Linux targeting
  • Phishing

Notable Victims

Legal firms (2023), Government contractors

How to Protect Against Monti

  1. Patch VMware ESXi to latest version
  2. Monitor for Conti-related indicators
  3. Harden Linux servers and limit SSH access

MITRE ATT&CK Techniques

T1486, T1490, T1021, T1566

Related Groups

Conti, Royal, Black Basta
