Monti Ransomware Targets Legal and Government Sectors with New Linux Tool

A ransomware campaign by the recently emerged Monti ransomware group is targeting victims with a new Linux variant of its malware. The threat group is the latest in a growing number of ransomware groups finding profit in going after Linux infrastructure.

Researchers at Trend Micro said the threat group is now deploying a Linux encryptor to target victims in legal and government sectors. Although the group has previously deployed Linux variants, the new encryptor comes with advanced evasion capabilities that make it harder to detect, the researchers said.

Monti was first identified in 2022. Its techniques and procedures largely mirror the now-defunct Conti ransomware group. Trend Micro researchers said this is because the group may have developed its toolkit based on Conti's leaked source code (see: Conti Ransomware Group Retires Name After Creating Spinoffs).

Capabilities of the new Linux encryptor include intermittent encryption based on the file size and ability to terminate virtual machines on the system, allowing the hackers to evade detection.