Monti attacks Apex
Ransomware Group Monti Targets German Logistics Company APEX
Ransomware group Monti has attacked the German company APEX. APEX is a logistics company that handles transport logistics, warehouse logistics, and ocean freight. It tailors service-based logistics solutions according to its customers’ unique situations and needs.
Monti ransomware was discovered by researchers in June 2022. The group drew attention by operating like the now-defunct Conti ransomware group. In September of the same year, BlackBerry's Incident Response team investigated a security incident linked to Monti. The attackers had exploited the notorious Log4Shell vulnerability on a client's internet-facing VMware Horizon virtualization system.
Once the threat actors gained entry to the victim's VMware Horizon Connection Broker server through the Log4Shell exploit, they proceeded to install Google Chrome and used it to download attack tools onto the server.
Monti's Return with a New Variant
After taking a short break, Monti returned in August 2023 with a new Linux-based Monti variant (Ransom.Linux.MONTI.THGOCBC). Trend Micro researchers pointed out that there are significant differences from previous Linux-based versions. One is the use of the "--type=soft" parameter to shut down virtual machines on the system instead of the previous "--type=hard" option. Researchers speculate this was done to help the group evade detection.
Monti's code changes indicate its intent to improve its detection-evasion techniques and make it harder for security practitioners to detect and mitigate its activity.
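As an added illustration that is not part of the original post or of Trend Micro's analysis, the Python below scans constructed lines in the style of an ESXi /var/log/shell.log for `esxcli vm process kill` invocations and flags bursts of them, treating `--type=soft` no differently from `--type=hard`. The log format, the sample values, and the window/threshold tuning are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines in the style of an ESXi /var/log/shell.log (not real telemetry).
SAMPLE_LOG = """\
2023-08-10T11:58:02Z shell[2100072]: [root]: esxcli vm process list
2023-08-10T11:58:41Z shell[2100072]: [root]: esxcli vm process kill --type=soft --world-id=2101455
2023-08-10T11:58:43Z shell[2100072]: [root]: esxcli vm process kill --type=soft --world-id=2101456
2023-08-10T11:58:44Z shell[2100072]: [root]: esxcli vm process kill --type=hard --world-id=2101457
2023-08-10T12:03:10Z shell[2100072]: [root]: vim-cmd vmsvc/getallvms
"""

# Assumed line layout: "<ISO timestamp> shell[<pid>]: [<user>]: <command>".
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+shell\[\d+\]:\s+\[(?P<user>[^\]]+)\]:\s+esxcli\s+vm\s+process\s+kill\s+(?P<args>.*)$"
)
TYPE_RE = re.compile(r"--type[= ](\w+)")
WORLD_RE = re.compile(r"--world-id[= ](\d+)")


def parse_vm_kills(log_text):
    """Extract every 'esxcli vm process kill' invocation as a dict.

    The kill type is recorded whatever its value: 'soft' is the graceful
    variant, but a burst of graceful kills is just as suspicious as hard ones.
    """
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        type_m = TYPE_RE.search(m["args"])
        world_m = WORLD_RE.search(m["args"])
        records.append({
            "ts": datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ"),
            "user": m["user"],
            "type": type_m.group(1) if type_m else None,
            "world_id": world_m.group(1) if world_m else None,
        })
    return records


def mass_shutdown_windows(records, window=timedelta(seconds=60), threshold=3):
    """Return (start_ts, count) for each sliding window holding >= threshold kills.

    Window and threshold are assumed tuning values, not vendor guidance.
    """
    hits = []
    times = sorted(r["ts"] for r in records)
    for i, start in enumerate(times):
        n = sum(1 for t in times[i:] if t - start <= window)
        if n >= threshold:
            hits.append((start, n))
    return hits
```

Pointing this at the real shell.log (or its syslog-forwarded copy) turns the variant's quieter shutdown option into the same alert as the noisy one.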