
Monti Ransomware Decryption and Recovery

Under attack by ransomware or suffering a cyber breach?

Speed is critical when facing a live cyber attack. If you believe you’ve been compromised by the Monti ransomware group or another threat actor, contact us immediately.

About Monti ransomware group

First detected in mid-2022, Monti is a group of ransomware operators that closely mimic the tactics, techniques, and procedures (TTPs) of the infamous Conti operation, which was dismantled the same year.

An infection with Monti ransomware typically involves advanced encryption methods to lock sensitive files, resulting in system downtime and a ransom demand in cryptocurrency. Victims are also threatened with data leaks to increase pressure.


If your organisation has been infected with ransomware, contact us immediately.

How Monti operators work

Monti is a ransomware group that emerged in June 2022, shortly after the Conti group’s takedown. While it imitates Conti’s tactics and uses some of its leaked code, Monti is a separate threat actor.

Monti ransomware unleashes attacks on sectors like healthcare, education, and legal services, often exploiting weaker cyber security. Its malware encrypts files, appending a .monti file extension, and threatens data exposure.

After a short pause in 2023, Monti returned with a new Linux-based variant, showing ongoing development. Like other ransomware victims, those targeted by Monti face both operational disruption and data breach risks.

We are equipped to deal with an attack from any ransomware group.

Don’t hesitate to contact us if you are under attack from a ransomware group not listed above. 

Recognising a Monti attack

Monti gains access to networks through phishing emails, RDP exploitation, and stolen credentials. Once inside, it uses legitimate tools such as Cobalt Strike and Advanced IP Scanner to move laterally across the environment. The ransomware then encrypts files using AES-256 and RSA algorithms as part of a fast, targeted encryption process. In addition to encryption, Monti also steals sensitive data for extortion, increasing pressure on victims to pay the ransom.

The Monti ransomware group has deployed a new ransomware variant specifically designed to target VMware ESXi servers, which are often used in enterprise environments. This variant includes techniques to evade detection, enabling it to spread quickly and lock down critical systems before defenses can respond.

Once inside a network, Monti exfiltrates valuable information and leaves files encrypted, disrupting operations and pressuring victims into paying a ransom.

Why you must not interfere with your ransomware environment

If you discover a physical break-in at your offices, your first instinct would be to call the police; touch nothing and let them search for clues. Then, your focus would shift to restoring business operations.

A cyber-attack requires the same approach. Your digital environment is a CRIME SCENE. It is crucial to leave the environment untouched to allow for a forensic investigation.

This is not a task for your IT team or MSP. Digital Forensic specialists are available 24/7 to assist you, just like in a physical crime.


Post breach actions

  • Call an NCSC Cyber Incident Response approved supplier. Some NCSC providers will fund up to 48 hours of investigation into your incident.
  • Report the incident to Report Fraud
  • Locate your business continuity plan. Work out what you can do without access to your systems and data.
  • Identify your business insurance contact details

Who are we and what experience do we have in responding to cyber incidents?

We are accredited to ISO 27001 and recognised by the UK’s National Cyber Security Centre (NCSC).

We provide comprehensive cyber risk management services, with a core focus on Digital Forensics and Incident Response (DFIR). Our capabilities are driven by a 24/7 Security Operations Centre and a dedicated in-house intelligence team that delivers timely, actionable threat reporting.

With decades of collective cyber security experience, we have the expertise to assume operational ownership of your entire IT security architecture – simplifying and strengthening cyber security across your business.

We are an Assured Service Provider for Cyber Incident Response (CIR) at the Standard Level. This accreditation demonstrates our ability to deliver high-assurance, effective support in response to a wide range of cyber threats.

Your NCSC-approved supplier is a specialist crime scene investigator who will:

  1. Isolate and preserve your environment for forensic investigation.
  2. Identify where the data has been duplicated and issue a legal takedown order.
  3. Identify your data, application and systems restore points. These might be at different points in time and will need to be carefully restored and reconstructed in a pristine environment.
  4. Liaise with your business insurance company and, if needed, with the Police.
  5. Advise you on notifying your customers of your situation.
  6. Rebuild your systems, restore your data and get you back to full operation. Note: This process can take between 2 weeks – 2 months.

 

Working with us

Our response process

Our team are ransomware recovery specialists with a proven, streamlined approach to resolving incidents quickly and effectively.

Step 1: Triage

We deploy our incident response team the same day. From the first call, we begin onboarding, introduce key stakeholders, set communication schedules, and start gathering critical information to guide the response.

Step 2: Investigation

DFIR (Digital Forensics and Incident Response) teams investigate breaches to identify vulnerabilities, attack vectors, and the system impacts of ransomware, such as the loss of personal data (PII). We deliver clear forensic insights to guide mitigation.

Step 3: Contain

Our onsite and remote teams act fast to stop the attack in its tracks. That includes isolating affected systems, removing malicious code, and putting protections in place to prevent further spread or damage.

Step 4: Remediate & Eradicate

Once contained, we work to fully eliminate the threat. This includes fixing exploited vulnerabilities, restoring systems to a secure state, and ensuring no traces of the attack remain.

Step 5: Recover

Our incident response teams help get your business back to normal. We restore access to systems, recover data, and ensure services are safe, stable, and functioning, with minimal downtime.

Step 6: Post Incident

We conduct a full review of the incident response and recovery efforts. Together we assess what happened, what worked, and what can be improved, helping you build stronger defences for the future.

Forensic analysis to drive recovery

Our process includes a thorough digital forensic analysis from step two where the output becomes a central component of business recovery. This is because understanding the attack is of critical importance:

  • Informing an initial infection date

  • The extent and spread of infection

  • Data exfiltration having an impact on regulatory positions

  • Ensuring that the attacker and any tooling or artefacts they leave behind are eradicated

It is critical that the analysis of digital evidence is carried out to an agreed plan.
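The encryption date and the extent of spread listed above can be approximated from file metadata alone. The following Python sketch is an added example, not Zensec's tooling: it takes a read-only inventory of files carrying the .monti extension and is meant to be pointed at a read-only mount of a forensic copy, never the live system. The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path

ENCRYPTED_SUFFIX = ".monti"  # extension this page says Monti appends to files


def _iso(ts):
    """Render a POSIX timestamp as an ISO 8601 string in UTC."""
    return datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()


def inventory(root):
    """Summarise encrypted files under `root` using metadata only.

    Nothing is opened or written: lstat() reads metadata and never follows
    symlinks, so the walk cannot leave the evidence tree.
    """
    root = Path(root)
    total = 0
    unreadable = 0
    hits = []            # (mtime, path relative to root)
    per_dir = Counter()  # top-level directory -> encrypted file count
    for dirpath, _dirs, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            path = Path(dirpath) / name
            try:
                st = path.lstat()
            except OSError:
                unreadable += 1
                continue
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets, devices
            total += 1
            if not name.lower().endswith(ENCRYPTED_SUFFIX):
                continue
            rel = path.relative_to(root)
            # The last-write time of an encrypted file approximates when it
            # was encrypted. Timestamps can be altered, so corroborate them
            # with other evidence before relying on them.
            hits.append((st.st_mtime, rel.as_posix()))
            per_dir[rel.parts[0] if len(rel.parts) > 1 else "."] += 1
    hits.sort()
    return {
        "total_files": total,
        "encrypted_files": len(hits),
        "unreadable": unreadable,
        "first_encrypted": (hits[0][1], _iso(hits[0][0])) if hits else None,
        "last_encrypted": (hits[-1][1], _iso(hits[-1][0])) if hits else None,
        "per_top_level_dir": dict(per_dir),
    }


def make_sample_tree(root):
    """Constructed sample data: three encrypted files and one untouched file."""
    base = datetime(2024, 1, 10, 2, 0, tzinfo=timezone.utc).timestamp()
    samples = {
        "finance/ledger.xlsx.monti": base,
        "finance/payroll.csv.monti": base + 90,
        "hr/contracts.docx.monti": base + 600,
        "hr/readme.txt": base - 86400,
    }
    for rel, mtime in samples.items():
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(b"constructed sample")
        os.utime(path, (mtime, mtime))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for key, value in inventory(tmp).items():
            print(f"{key}: {value}")
```

The earliest timestamp marks when encryption started, not when the attacker first got in, so it is only the latest possible bound on the initial infection date.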

Maximising early root cause discovery and legal leverage

The process is purpose-built to uncover the root cause as early as possible, which is essential to inform remediation / eradication and recovery as well as supporting a legal take-down case if this is applicable. A legal take-down means we can assist in the legal enforcement that stops the criminals from publishing the data, thus undermining the ransom notice.

Our Digital Forensic and Incident Response (DFIR) teams maintain consistent communication throughout. Dedicated Incident Managers and technical engineering leads provide updates during the Cyber Incident Response journey, utilising risk registers and working within change management processes, all from triage through to post-incident, delivering successful business recovery.

Key takeaways

  • You will not be able to access your systems or data.
  • It is advised to disconnect from the internet and shut down your systems, including PCs, to prevent further infections.
  • Your Office 365 system might also be compromised, allowing the attackers to monitor your responses. Avoid communicating with individuals through your primary email or team systems.
  • Threat actors typically infiltrate your system at least 2-4 weeks before you become aware of the attack. Your data will have already been exfiltrated. If your system is encrypted, this was not an overnight event.
  • Ransom demands in the UK typically range from £500,000 to £3 million, with some sectors, like education, facing demands that exceed £5 million.
  • Paying the ransom may violate financial sanctions, which is a criminal offence and could result in a custodial sentence or further financial penalties.
  • If your data is sold or published online, it puts your customers and staff at risk, potentially implicating you in a Data Protection breach.
  • You will need to submit a data takedown request to the initial location where the data was transferred.
  • Do not overwrite the encrypted data. It is crucial to determine when the infection began and where the data was sent.
  • Avoid rebuilding from the latest backup, as it is likely to be infected.

Why should I trust Zensec to do this work rather than my IT team?

A forensic analysis needs to be meticulous and a clean restore and recovery requires a wealth of experience not normally available in an in-house team who must provide a broader range of IT support skills:

Internal IT teams don’t have the necessary skill set to resolve security encryption issues themselves. 

IT teams may restore systems to the same state, with the indicators of compromise still in place, which can lead to another breach.

Internal teams are pressured to restore business operations and may recover before forensic analysis even begins, potentially destroying the crime scene before completion.

We can help

Frequently asked questions

Key information when you’re under pressure.

Yes, Monti is a strain of ransomware. It encrypts data and steals information, demanding ransom payments, usually in Bitcoin, in exchange for file recovery and to prevent public data exposure. Like other ransomware gangs, Monti delivers a ransom note to victims outlining payment instructions and threats.

The Monti ransomware operation is known for mimicking Conti’s tactics and was built using Conti's leaked source code, allowing it to adopt similar functionality. Monti may also apply selective encryption based on file size, balancing speed with impact to maximise disruption while avoiding detection.

It is considered a successor in style, though not in leadership, to the Conti ransomware group.

Facing genuine pressure, there's a crucial decision to make - one that could rescue your organisation from weeks of operational standstill, reputation damage, and client data loss. Yet, the probability of a favourable outcome remains slim, emphasising the importance of engaging a specialised ransomware incident response team. They are your most viable recourse for navigating a ransomware incident.

The NCSC have documented the deliberations for paying ransomware: https://www.ncsc.gov.uk/ransomware/home

Important Reminder: It is a criminal offence to pay money to people who are subject to financial sanctions. The list of who is subject to financial sanctions is constantly changing.

The latest iteration can be found here: https://www.gov.uk/government/publications/financial-sanctions-consolidated-list-of-targets

A ransomware attack presents the most significant threat to your business by:

  • Disabling your access to systems, which could hinder machinery operation or impede progress through your business processes.
  • Blocking access to critical data concerning suppliers, shipments, customers, orders, or steps in your business workflow.

In the event of a business interruption, identifying your position in the supply chain and sustaining operations can be challenging. If the disruption continues, maintaining business continuity becomes critical. Once systems and data are restored, addressing backlogs and establishing future operational protocols are essential.

Ransomware ranks only behind receivership in terms of its capacity to incapacitate a business.

The NCSC is the UK National Cyber Security Centre. They provide cyber security guidance and support, helping to make the UK the safest place to live and work online. They have defined a Cyber Incident Response procedure and they have approved and accredited suppliers to provide this service.

https://www.ncsc.gov.uk/

As a recognised Assured Service Provider by the National Cyber Security Centre (NCSC), Zensec provide comprehensive cyber risk management services that are designed to Protect, Detect & Mitigate cyber security threats across the UK.

Report Fraud is the UK's national reporting centre for fraud and cybercrime. Whether you have been scammed, defrauded, or experienced cybercrime in England, Wales, or Northern Ireland, Report Fraud offers a central point of contact for information on fraud and financially motivated cybercrime.

https://www.reportfraud.police.uk/
https://www.actionfraud.police.uk/

The Monti ransomware group likely gained access to your system through one of several common attack vectors:

  • Phishing emails

  • Exposed RDP ports

  • Stolen login credentials

Once inside, Monti delivers its ransomware payload, which encrypts files and often exfiltrates sensitive data before encryption, significantly increasing the damage of a successful ransomware attack.

To help prevent future infections, we strongly recommend implementing the following cybersecurity measures:

  • Educate your staff on cybersecurity and how to recognise phishing attempts

  • Use strong, unique passwords across all systems

  • Enable multi-factor authentication to reduce the risk of credential theft

  • Remove unused or inactive user accounts regularly

  • Perform frequent, tested backups and store them securely offline or in isolated environments

  • Keep all software and systems fully updated with the latest security patches

After recovering from a Monti ransomware attack, Zensec advises updating your business continuity plan to reflect lessons learned during the incident and recovery process.

Yes. There's a possibility that some of the lost data falls under the category of "Personal Data" belonging to your customers. It's your legal responsibility to safeguard this data, even if it has been lost. Additionally, you may need to notify the Information Commissioner's Office at https://ico.org.uk/.

Your insurer or legal counsel will provide guidance on the necessary steps and how to move forward in this situation.

Zensec has experience collaborating with insurers and legal professionals and can offer support in managing this relationship during this challenging period.


Dealing with a ransomware attack?
Our ransomware recovery service can help

Our expert team works quickly to contain the breach, recover your data, and restore your systems to full operation. We’ll guide you through every step of the recovery process and help strengthen your defences to prevent future attacks. Regain control with Zensec - trusted support when it matters most.