Ransomware Attack on Esc Pau Etudes-Conseils by Monti Group

Incident Date:

May 26, 2024

World map

Overview

Title

Ransomware Attack on Esc Pau Etudes-Conseils by Monti Group

Victim

Esc Pau Etudes-Conseils

Attacker

Monti

Location

Pau, France

, France

First Reported

May 26, 2024

Ransomware Attack on Esc Pau Etudes-Conseils by Monti Group

Company Profile

Esc Pau Etudes-Conseils is a French consulting firm that provides expertise in various fields, including engineering, architecture, and project management. The company operates in the education sector and is known for offering undergraduate and graduate programs in business and management. With a revenue of approximately $29.6 million, Esc Pau Etudes-Conseils is considered a medium-sized consulting firm.

Victim Overview

Esc Pau Etudes-Conseils was targeted by the ransomware group Monti, which recently resumed operations with an enhanced Linux-based ransomware variant. The company's website, www.esc-pau.fr, was compromised, leading to the full publication of stolen data on Monti's dark web leak site.

Ransomware Group Profile

Monti Group is a cybercriminal organization that has gained notoriety for its ransomware attacks on various sectors, including legal, financial services, and healthcare. The group distinguishes itself by targeting high-value entities within critical industries and threatening non-compliant companies with exposure on their data leak site's "Wall of Shame" if ransom demands are not met.

Attack Details

The ransomware attack on Esc Pau Etudes-Conseils resulted in the full publication of stolen data, highlighting the group's ability to penetrate the company's systems and exfiltrate sensitive information. Monti's Linux-based ransomware variant, with only a 29% similarity rate to Conti, allowed the attackers to evade detection by security measures and refine their tactics for future attacks.

Vulnerabilities

Esc Pau Etudes-Conseils may have been targeted by threat actors due to its standing in the consulting industry and the valuable data it possesses. The company's expertise in engineering, architecture, and project management could have made it an attractive target for cybercriminals seeking to exploit vulnerabilities in its network security. Additionally, the company's medium size and revenue may have made it a more accessible target for ransomware attacks.

Sources

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.