This new ransomware is seeing rapid growth, so beware

There is a new ransomware operator in town, and this one is making a name for itself rather quickly. Cybersecurity researchers from the MalwareHunterTeam have recently discovered a group that was previously unbranded and relatively low-profile. Now, the group carries the name “Trigona” and has become highly active.

In the last couple of months, the threat actor managed to compromise and encrypt the files of a number of targets, including a real estate company and an entire German village, BleepingComputer has found, adding that the attacks have been increasing all over the world.

Paying in Monero

Details are scarce. Researchers have yet to determine exactly how Trigona compromises the endpoints in its target networks, and whether it uses a zero-day or known malware for the breach.

The exact ransom demand is also unknown, although as with other groups, Trigona most likely negotiates the price with its victims. After all, it set up a dedicated Tor site with a chat support window where victims can negotiate further. 

What we do know is that the ransom must be paid in Monero, a privacy-oriented cryptocurrency whose transactions are very difficult to track. As such, hackers and cybercriminals are quite fond of it. 

The publication also said Trigona exfiltrates data to a third location and later threatens to release it if its demands aren’t met, although this is yet to be verified. At the moment, there are no active negotiations.

Trigona offers its victims the ability to decrypt five 5MB files for free, to demonstrate that its decryptor is legitimate and operational. However, cybersecurity researchers and law enforcement warn businesses against paying ransoms, for multiple reasons. 

Paying the demand does not guarantee a full restoration of both network access and files, and does not guarantee that the company won't be attacked again. Furthermore, paying the demand only motivates the threat actors to continue their operations. 

Instead, businesses should opt for strong cybersecurity suites, regular backups, and employee education on the dangers of cybercrime.

Via: BleepingComputer

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
