Skip to main content Link Menu Expand (external link) Document Search Copy Copied
DFIR Ransomware Project
Category Details References
Actors    
First Observed May/June 2022 1
Threat Actors TBD  
Environment    
Platforms Windows 1
Artifacts    
Extensions .PUUUK
.KFIKN		 1
2
Ransomware Notes readme.txt 2
Services It Disables TBD  
Other Observables YARA rules from Blackberry/Cylance 1
Automation    
Automatically Gains Access No  
Automatically Escalates Privileges No  
Requires Human Interaction Yes  
Automatic Exfiltration No
Evidence of limited manual exfiltration of data
The ransom note claims “We’ve downloaded a pack of your internal data and are ready to publish it on our news website if you do not respond.”		 1
3
Automatic Propagation No  

Please note, this page was last updated at 2023-03-14 20:21.

  1. https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger  2 3 4 5

  2. https://www.cyclonis.com/monti-ransomware-new-conti-clone/  2

  3. https://www.pcrisk.com/removal-guides/24770-monti-ransomware