The Monti ransomware has restarted activity after a two-month break with a new Linux encryptor that targets VMware ESXi servers.
The Monti attackers are using this new encryptor to target organizations in the legal and government sectors. Older variants of Monti, which was first spotted in June 2022, were essentially a carbon copy of the leaked Conti ransomware; however, this new Linux encryptor only has a 29% similarity rate with Conti, according to researchers at Trend Micro.
Monti has made numerous modifications to its locker, which are primarily designed to make it more difficult to detect.
Several ransomware families now have Linux versions of their encryptors, including Akira, Royal, Noberus, and LockBit.
If you need more information about security and protection solution, talk with R2SIS Tech team.
Source: Symantec Threat Landscape Bulletin 08/15/2023