Monti is a relatively new ransomware that targets Linux systems, encrypting their files and appending a ".puuuk" extension to them. There have been indications of potential Monti variants that also work on Windows systems.
Upon infection, Monti drops a ransom note named "README.txt". The note closely resembles the ransom notes used by the infamous Conti ransomware. Unusually for ransomware, the Monti threat actor runs two separate TOR sites: the first holds data stolen from victims, while the second is used for ransom negotiations. At present, the ransom negotiation site is inaccessible. The data leak site has a section called the "wall of shame," a concept possibly copied from other ransomware groups such as Ragnar Locker.
The ransomware also drops a text file named result.txt, which shows how many files were encrypted on the compromised system.
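A triage sketch for the host artefacts described above (an added example, not from the original page): it walks a directory tree and reports ".puuuk" files, "README.txt" notes that sit beside them, and any "result.txt". The function names, the constructed sample tree, and the rule that a note only counts when it shares a directory with encrypted files are assumptions of this example.

```python
import os
import tempfile
from collections import Counter

ENC_EXT = ".puuuk"        # extension the page says Monti appends
NOTE_NAME = "README.txt"  # ransom note name given on the page
COUNT_NAME = "result.txt" # file the page says records the encrypted-file count


def triage(root):
    """Walk root and summarise Monti-style artefacts found under it."""
    encrypted = Counter()  # directory -> number of *.puuuk files
    notes, counters = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith(ENC_EXT):
                encrypted[dirpath] += 1
            elif name == NOTE_NAME:
                notes.add(dirpath)
            elif name == COUNT_NAME:
                counters.append(os.path.join(dirpath, name))
    # README.txt is a common benign name, so (assumption of this example)
    # a note is only a hit when encrypted files share its directory.
    note_hits = sorted(d for d in notes if encrypted[d])
    return {
        "encrypted_total": sum(encrypted.values()),
        "dirs_with_encrypted": sorted(encrypted),
        "note_hits": note_hits,
        # The page does not say where result.txt is written, so any copy in
        # the tree is listed, but only once encrypted files were seen.
        "result_files": sorted(counters) if encrypted else [],
        "suspected": bool(note_hits),
    }


def build_sample(root):
    """Constructed sample tree (empty files only) to exercise triage()."""
    layout = {
        "srv/data": ["db.sql.puuuk", "backup.tar.puuuk", "README.txt"],
        "srv/docs": ["README.txt", "manual.pdf"],  # benign README
        "tmp": ["result.txt"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(root, rel))
        for name in names:
            open(os.path.join(root, rel, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

Comparing `encrypted_total` with the number recorded in a recovered result.txt gives a quick check on whether the scanned tree covers everything that was encrypted.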