MONTI ransomware gang leaks Donut Leaks (UPDATED)

Posted on by Dissent

In one of the more intriguing listings of this week, the MONTI ransomware group has added another group, Donut Leaks, to their leak site.

The message reads:

“stole 100,000 usd didn’t fulfill the terms of the deal”

The listing then provides the login credentials to what is allegedly Donut Leaks’ admin cpanel.

When tested on _D#NUT:ch, however, the login credentials did not work. Perhaps D#NUT Leaks spotted the post and changed their login.

The login screen for D#NUT Leaks says, “Keep calm and avoid of hijacking, crckng, hackng, fckng. Thx. Enjoy”

So what happened here? Did Donut Leaks screw MONTI on some deal and MONTI is now seeking revenge? It seems so, considering their comment on their site:

MONTI's description says: Donut Leaks This gay rippers

Oh, sweet mysteries of life. Donut Leaks sites were not reachable at time of publication and DataBreaches does not have other contact information for them at this time.

Update of April 11:

DataBreaches’ luck in accessing  D#nut Leaks site has been less than optimal, but it appears that the group has responded to Monti’s accusations with a statement.  Converting a screencap provided to this site by eCrime.ch, the text of D#nut Leaks’  post follows:

Hello. Today we received news that a little-known (or rather unknown) group with the telling name MONTI published a post saying that we owe them 100K USD. MONTI also allegedly posted login details for the admin panel.

Only there is a small problem: all TOR services, which are attacked every second in all possible ways, are running in docker containers, in isolated networks, without the ability to access each other. Let’s not say that we don’t use the “Admin Panels” mentioned in the note at all. No sensitive information has ever been within the reach of the chat or blog API. Backups of all services are made automatically once a day. They are duplicated on various git services. Of course, all backups, as well as information from the file storage, are encrypted asynchronously. Apparently the guys from this group are not familiar with such words.

We have never broken agreements with anyone. For us, the most important thing is the reputation we have earned. Our software has never been hacked, we pay all attention to quality, not quantity. No source code has been published anywhere. Moreover, not a single anti-virus company could even approximately, think about it, name the compiler with which our software was compiled.

Instead of a conclusion, we want to wish good luck to the guys from MONTI. We also want to wish more attention and time to be given to security issues for our “clients”, because there is nothing more interesting than to win really difficult, and therefore sweeter victories 😉

Good luck to everyone.

Curiouser and curiouser.

Category: MiscellaneousOf Note