- Dec 23, 2021
Experts have yet to find out the source of the new Monti ransomware.
Since the closure of Conti's infrastructure in May, the group's activities have ground to a halt. Some researchers have suggested that Conti's decline in activity is the result of a rebrand. Other experts believe that former members of Conti, who moved to other groups including Karakurt and Black Basta, have participated in various ransomware-as-a-service (RaaS) campaigns.
There is currently no evidence that Conti is being renamed Monti. However, the Conti ransomware code was leaked to the public in March 2022, which means that anyone can use the public source code to create their own ransomware based on Conti.
Based on code analysis, Intel 471 researchers believe that the Monti ransomware was created in this way. Moreover, the Monti entry point is very similar to the Conti entry point. Monti could be a rebrand of Conti, or it could simply be a new ransomware variant developed from the publicly available source code.