Monti Ransomware

In early July, researchers identified suspicious activity from a previously unknown, or not so unknown, ransomware, the Monti ransomware.

You could say it is almost new, as it is quite similar to the famous Conti ransomware. Some call it a “Doppelganger”, which means look-alike.

Some time ago the Conti group suffered a break-in and a big data leak, including source code, hacker tools and other associated data.

This information was enough for other cybercriminals to adopt and spread the Conti ransomware tactics. They had in hand a step-by-step approach for carrying out major attacks.

It appears that the group behind the Monti ransomware took full advantage of the February data leak. The group follows the same line as Conti in its operations, which is:

  • Searching for vulnerabilities in the system
  • Breaking into the system
  • Executing the ransomware
  • Moving laterally for maximum damage
  • Encrypting the files
  • Renaming the files, making it impossible to open them
  • Generating the ransom demand

The Monti ransomware operators often use the Windows vulnerability called “Log4Shell” (CVE-2021-44228). Once the system is compromised, the operators release the Monti ransomware and start the encryption, making sure to reach as much data as possible.

To do this, they use the Remote Desktop Protocol (RDP). This way, they can reach servers connected to the same network easily. This technique is called lateral movement.

Then, the encrypted files are renamed and become inaccessible. The Monti ransomware uses a random five-character extension that is added to the original file name.

After the encryption is complete, Monti creates a ransom note called “readme.txt”. This text file contains all the contact details the victim needs to reach those responsible for the attack.
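The two artifacts described above (a five-character extension appended to the original file name, and a “readme.txt” note) can be used to triage a file listing after an incident. The following Python sketch is an added example, not code from the original article; the list of known extensions, the threshold, the assumption that renamed files in one directory share the same suffix, and the sample paths are all constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from pathlib import PureWindowsPath

# Assumption: extensions a file is likely to have had before it was renamed.
KNOWN_EXTS = {"docx", "xlsx", "pdf", "sql", "bak", "vmdk", "txt", "jpg"}
# original name + original extension + appended five-character extension
APPENDED = re.compile(r"^.+\.([A-Za-z0-9]+)\.([A-Za-z0-9]{5})$")
NOTE_NAME = "readme.txt"  # ransom note name given in the article

def triage(paths, min_hits=3):
    """Return {directory: (suffix, count)} for every directory that holds a
    readme.txt and at least min_hits files sharing one appended suffix."""
    note_dirs = set()
    suffixes = defaultdict(Counter)
    for raw in paths:
        p = PureWindowsPath(raw)
        if p.name.lower() == NOTE_NAME:
            note_dirs.add(str(p.parent))
            continue
        m = APPENDED.match(p.name)
        # Require a known original extension so "v1.2.final" style names
        # are not counted as renamed files.
        if m and m.group(1).lower() in KNOWN_EXTS:
            suffixes[str(p.parent)][m.group(2)] += 1
    findings = {}
    for directory in note_dirs:
        if suffixes[directory]:
            suffix, count = suffixes[directory].most_common(1)[0]
            if count >= min_hits:
                findings[directory] = (suffix, count)
    return findings

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"D:\shares\finance\budget.xlsx.k3x9q",
    r"D:\shares\finance\invoices.pdf.k3x9q",
    r"D:\shares\finance\ledger.sql.k3x9q",
    r"D:\shares\finance\readme.txt",
    r"D:\shares\docs\readme.txt",       # benign readme, nothing renamed
    r"D:\shares\docs\manual.pdf",
    r"D:\shares\hr\roster.docx.k3x9q",  # renamed file but no note here
]

if __name__ == "__main__":
    for directory, (suffix, count) in triage(SAMPLE).items():
        print(f"{directory}: {count} files with appended .{suffix}")
```

Requiring both the note and a repeated suffix keeps ordinary folders that merely contain a readme.txt out of the results.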

Collaborating with hackers is not recommended and should only be considered as a last resort. In this situation, trusting competent data recovery professionals is the best choice.

Recover files encrypted by Monti ransomware

Digital Recovery has more than 23 years of experience in the data recovery market. In our history we have been able to help hundreds of companies that have suffered ransomware attacks.

Thanks to our proprietary technology, we can recover encrypted files from virtually any storage device such as databases, servers, RAID systems, virtual machines, among others.

We act remotely in data recovery, maintaining the necessary secrecy because we know how sensitive a company’s data can be.

Our solution was entirely based on the General Data Protection Regulation (GDPR). All our clients can also rely on a confidentiality agreement (NDA).

Our customer service team is available 24/7 in the language of your choice: English, French, Portuguese and Spanish. Contact us and get your data back now.
