bidon

BIDON is a variant of the Monti ransomware family, first observed around mid‑2023. It employs a double‑extortion strategy—encrypting victims’ files and simultaneously threatening to leak stolen data if the ransom isn’t paid. Notably, it appends the .PUUUK extension to encrypted files and drops a readme.txt ransom note outlining the extortion demands. The note offers a free decryption of two files as proof of capability and emphasizes that only authorized company personnel (e.g., top management) should engage. BIDON specifically targets corporate and enterprise organizations, not home users, and warns victims not to involve law enforcement or third-party recovery firms. It represents a shift toward more aggressive extortion tactics within the Monti lineage.