• Home
  • News
  • Trigona Ransomware Bites Into 4

Trigona Ransomware Bites Into 4

Miklos Zoltan

By Miklos Zoltan . 31 January 2024

Founder - Privacy Affairs

Alex Popa

Fact-Checked this

Trigona launched a coordinated attack recently, resulting in 4 casualties. As is the case with this ransomware actor, the victims are all from different countries. This time, we have Spain, USA, and Australia on the menu.

  • The 4 victims are Ausa, Daher Contracting Inc, Genesis Motors Isuzu UTE, and CMG Drainage Engineering
  • Ausa is the oldest of the 4, being established in 1956, while Genesis Motors is the youngest, coming out in 2011
  • Trigona has a solid reputation as a feared ransomware actor with scary potential and considerable resources
  • Preliminary and subsequent investigations found connections between Trigona and CryLock

Unlike other ransomware actors, Trigona appears to have a disjointed schedule. The organization varies its attack frequency a lot and has been working that way since its inception.

August of 2023 has been the most active for the cybercriminal group with 25 confirmed infected machines, but July only had 5. The following months also dropped visibly.

X showing the Trigona attack on the 4 new victims
https://twitter.com/FalconFeedsio/status/1752595066755915972

Trigona doesn’t have specific preferences when it comes to picking its targets. These can belong to any industry and rank anywhere in terms of finances and size. However, Trigona prefers to stick to medium-size companies and only attacks large ones sparingly.

An interesting development was announced in October of 2023, when the Ukrainian Cyber Alliance claimed to have cracked down on Trigona’s leak site. However, Trigona soon resumed its activity, as is typically the case in such events.

Trigona’s Frightening MO

Trigona isn’t necessarily an intimidating ransomware entity, at least not more than any typical actor. But what does make the organization more frightening than others is its tendency to cooperate with other ransomware groups.

Links were discovered between Trigona and CryLock, as well as BlackCat, which is typically known as ALPHV. CryLock appears to be the closest, though, with some suggesting that the connection between the 2 isn’t limited to cooperation only.

Specialists have discovered very clear similarities between Trigona and CryLock’s tactics, MOs, and procedures, suggesting that they may actually work together. Similar links have been discovered in the case of ALPHV, although not as meaningful.

This shows that, despite being moderately effective and resourceful, Trigona often relies on other ransomware organizations to improve its effectiveness and reach. More importantly, it adapts its code and approaches to match those more powerful than it.

This qualifies Trigona as a dangerous and formidable ransomware actor, despite not looking like it.

Our Mission

We believe security online security matters and its our mission to make it a safer place.

Leave a Comment