After a break, a new variant of Monti ransomware has resurfaced. It is now targeting organizations for malicious activities. The state-run Indian Computer Emergency Response Team (CERT-In) has issued an alert in this regard on its official website.
The new variant of Monti ransomware shows similarity with the source code of Conti ransomware. Monti was first identified in 2022 and it is now deploying a Linux encryptor to target victims in legal and government sectors.
Best Practices and Recommendations
As per CERT-In, there is a need to maintain offline backups of data and regularly maintain backup and restoration. This practice will ensure the organization will not be severely interrupted and have irretrievable data.
Implement all accounts with strong & unique passwords (e.g., service accounts, admin accounts, and domain admin accounts).
Use a host-based firewall to only allow connections to administrative shares via server message block (SMB) from a limited set of administrator machines.
Enable protected files in the Windows Operating System to prevent unauthorized changes to critical files.
Keep the operating system, and third-party applications (MS office, browsers, browser Plugins) up-to-date with the latest patches.