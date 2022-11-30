This new ransomware is seeing rapid growth, so beware
There is a new ransomware operator in town, and this one is making a name for itself pretty quickly. Cybersecurity researchers from the MalwareHunterTeam recently discovered a group that was previously unbranded and relatively unremarkable. Now the group bears the name “Trigona” and has become very active.

In recent months, the threat managed to compromise and encrypt the files of a number of targets, including a real estate company and an entire German village, BleepingComputer found, adding that attacks are on the rise around the world.

Pay in Monero

The details are scarce. The researchers have yet to determine exactly how Trigona compromises the endpoints in its target network, and whether it uses a zero-day or known malware for the breach.

The exact ransom demanded is also unknown, though Trigona, as with other groups, most likely negotiates the price with its victims. After all, it has set up a dedicated Tor site with a chat support window where victims can further negotiate.

What we do know is that the ransom must be paid in Monero, a privacy-focused cryptocurrency whose transactions are very difficult to track. As such, hackers and cybercriminals love it.

The publication also said the group is exfiltrating data to a third-party location and later threatening to release it if the demands are not met, though this has yet to be verified. There are currently no active negotiations.

Trigona offers its victims the opportunity to decrypt five 5 MB files for free, proving that the decryptor is legitimate and operational. However, cybersecurity researchers and law enforcement warn companies against paying ransoms for multiple reasons.

Paying the demand does not guarantee full recovery of both network access and files, and does not guarantee that the company will not be attacked again. Moreover, paying the demand only motivates the threat actors to continue their operations.

Instead, companies should opt for strong cybersecurity suites, regular backups, and educating employees about the dangers of cybercrime.

