The Monti Ransomware Attack on Bickel and Brewer

The Monti ransomware gang has attacked Bickel and Brewer. Bickel & Brewer is a law firm established in 1984 by founders William H. "Bill" Brewer and William S. "Bill" Bickel. The firm is recognized for its unique approach to practicing law and its dedication to social responsibility and diversity. Bickel & Brewer has gained attention for its involvement in complex litigation, corporate law, and other legal fields. Monti posted Bickel and Brewer to its data leak site on July 27th but provided no further information.

About MONTI Ransomware

MONTI is a ransomware software engineered with the intention to encrypt data and solicit payment for the provision of decryption tools. Notably, MONTI is an emerging iteration of the CONTI ransomware. Moreover, the operational methods employed by MONTI exhibit striking parallels to those utilized by CONTI. During the course of February 2022, the group responsible for CONTI fell victim to a substantial breach that resulted in the exposure and dissemination of sensitive data, encompassing source codes, hacking utilities, and related materials. This divulged information effectively served as a comprehensive guide for potential cybercriminals interested in emulating CONTI's methods. Consequently, it is plausible that MONTI might not stand as the exclusive ransomware faction to base its activities on insights drawn from the aforementioned CONTI breaches.

How MONTI Operates

The MONTI ransomware executes a process of file encryption, appending filenames with a distinct extension consisting of five randomly generated characters. For instance, our assessment of a MONTI sample on a test system resulted in the transformation of a file named "1.jpg" into "1.jpg.PUUUK". Upon completion of the encryption procedure, MONTI proceeds to establish a ransom note titled "readme.txt". The content of the ransom message closely mirrors that of CONTI's communication. It notifies victims that their files have undergone encryption and that sensitive data has been procured. The ransom note cautions victims against any efforts to manually decrypt the compromised files, asserting that such endeavors would prove futile and may lead to irreparable decryption failure. The only viable avenue to regain access to the encrypted data is through establishing communication with the attackers and fulfilling their financial demands. To substantiate this claim, a free decryption test is provided as evidence. The note issues a stark ultimatum, indicating that the victims must either engage with the cybercriminals and meet their demands or risk the exposure of the pilfered data should they choose to ignore the communication or involve law enforcement authorities.