There's a new ransomware operator (opens in a new tab) in town, and he's making a name for himself pretty quickly. Cybersecurity researchers from MalwareHunterTeam recently discovered a group that was previously unbranded and relatively discreet. From now on, the group goes by the name “Trigona” and has become very active.
Over the past two months, the threat actor has managed to compromise and encrypt the files of a number of targets, including a real estate company and an entire German village, BleepingComputer has found, adding that attacks are on the rise in the world. world entero.
Pay in Monero
Details are scant. Researchers have yet to determine exactly how Trigona compromises endpoints on their target network, and whether or not they are using known or zero-day malware for the breach.
The exact ransom demand is also unknown, although as with other groups, Trigona most likely negotiates the price with their victims. After all, it has created a dedicated Tor site with a chat support window where victims can continue trading.
What we do know is that the ransom must be paid in Monero, a privacy-focused cryptocurrency whose transactions are very difficult to trace. As such, hackers and cybercriminals like it a lot.
The post also said that it pulls the data to a third location and then threatens to release it if the requests are not met, though this has yet to be verified. At the moment there are no active negotiations.
Trigona offers its victims the chance to decrypt five 5MB files for free, to prove that their decryptor is legitimate and working. However, cybersecurity researchers and law enforcement warn companies against paying ransoms for various reasons.
Paying the request does not guarantee full restoration of network and file access, and does not guarantee that the company will no longer be attacked. Furthermore, paying the demand only motivates threat actors to continue their operations.
Instead, companies should opt for robust cybersecurity suites, regular backups, and employee training on the dangers of cybercrime.
Via: BleepingComputer (Opens in a new tab)