MONTI Ransomware Breaches Wayne Memorial
MONTI hackers announced that they’ve successfully breached Wayne Memorial Hospital. According to the original post, the attackers will leak the stolen data publicly on the 8th. It’s unclear how much data they’ve managed to steal.
- Wayne Memorial representatives haven’t commented on the situation
- It’s also unclear if the hackers have communicated with any Wayne Memorial representatives regarding the ransom
- At the time of writing this article, the hospital’s website was up and running as normal
- MONTI copied the now defunct Conti’s tactics, name, and procedures openly, and they’ve been active since June 2022
The gang’s MO is the standard double-extortion routine. The hackers always go for targeted operations, rather than attacking blindly. This increases the chance of penetrating high-value targets.
Unlike many other ransomware actors, MONTI appears to be more aggressive but also stealthier overall. The gang doesn’t reach headlines very often, but that doesn’t mean it’s not active. Its overall MO is also divergent from the norm.
All ransomware actors have leak sites where they post the stolen data, once the negotiations have failed. But MONTI appears to leak a lot more data than usual. Which suggests either that their negotiations fail constantly, or that they leak the data anyway.
It’s also important to note that MONTI doesn’t usually go for standard attack routines. Instead of the standard phishing attempts, MONTI hackers prefer to target their preferred institutions directly.
The hackers exploit system vulnerabilities, which gives them instant access to sensitive data. The exfiltration process is fast and typically allows for important data leaks.
What to Know About MONTI?
MONTI operates both on Windows and Linux and they appear to be highly proficient at achieving their goals. The hackers will leave behind a ransom note informing the victim of the situation and calling for contact.
The hackers inform the victim not to contact the authorities as “we have our informants in these structures, so any of your complaints will be directed to us.” This is somewhat typical for ransomware gangs to claim since they try to intimidate the victim.
It’s unclear how successful the gang is in terms of financial gains, but the suspicion is that it’s successful enough. After all, MONTI has been active for little over 2 years and it doesn’t show signs of slowing down.
But what should you do if you’re being targeted by MONTI? Despite the hackers’ recommendations, don’t contact them and alert the authorities. Nothing good can come out of paying the ransom, aside from losing a lot of money in the process.
Sure, you will recover your stolen data, but there’s no guarantee that the hackers won’t leak it publicly. Or sell or share it with other ransomware gangs. This happens more often than not, because the victim isn’t really in the position of preventing that.
Plus, paying the ransom paints a target on your back, which will put you on the hackers’ “to revisit” list. It’s a lose-lose situation, however you would look at it. Your job is to make sure you choose the lesser evil.
Our Mission
We believe security online security matters and its our mission to make it a safer place.
