Trigona ransomware recently infiltrated four targets in France, the US, Austria, and Indonesia. The attacks were successful in the sense that the operators breached the victims' defenses, exfiltrated valuable data, and then encrypted it.
The group often targets multiple enterprises at a time to increase the chance that at least some of them pay. The attacks typically disrupt the victims' normal operations and often force their websites offline.
The recovery window varies with the severity of the attack. Some victims recover from the fallout within hours, others need weeks, and some end up paying the ransom to get their data back.
Despite its relatively low profile, Trigona appears to be a very lucrative operation, with significant gains, especially during its first months of activity. According to unnamed sources, Trigona reportedly achieves a ransom payment rate of up to 50%.
This is considerably higher than many other ransomware actors, some of which cannot get past 20%. The difference is attributed to Trigona's modus operandi and its willingness to collaborate with affiliates and other cybercriminal organizations.
Independent investigators have found links between Trigona and BlackCat, also known as ALPHV ransomware. These links go beyond hints of collaboration and extend to similarities in the code itself.
Because of this, one suggestion is that Trigona may be BlackCat's brainchild, a separate brand that allows BlackCat to operate with more anonymity. The recent string of attacks attributed to Trigona is a warning sign, showcasing the group's adaptability and resilience.
That is because the Ukrainian Cyber Alliance, the well-known pro-Ukrainian hacktivist group, announced in October 2023 that it had taken down Trigona's leak site, the website Trigona used to publish stolen data.
The Ukrainian group also stated that it had disrupted the ransomware operators themselves and destroyed their infrastructure. Not surprisingly, Trigona resurfaced shortly afterward and resumed operations. This is typical of ransomware groups: a leak-site takedown or infrastructure seizure rarely ends the operation.
Most manage to overcome such setbacks relatively quickly, rebuild their infrastructure, and resume activity within a short time.