Trigona Ransomware Hits 4 Countries At Once

By Miklos Zoltan, 20 January 2024

Founder - Privacy Affairs

Fact-checked by Alex Popa

Trigona ransomware recently infiltrated 4 targets in France, the US, Austria, and Indonesia. The attacks were successful in the sense that the hacker breached the victims’ defense systems, then stole and encrypted valuable data.

  • The 4 victims are Vision Plast, Fertility North, Premier Facility Management, and PT Samuels Sekuritas Indonesia
  • There is no clear data regarding the aftermath of the attacks or the value of the ransoms
  • Trigona doesn’t rank among the most aggressive or well-known ransomware actors, but it is among the most stable in the market
  • The ransomware actor first became public in October of 2022, but traces of its binaries were observed starting in June 2022

The cyberhacking actor often targets multiple enterprises at a time to increase the chance of successful payments. The attacks always disrupt the victims’ normal operations and often cause their websites to go offline.

The recovery window varies depending on the severity of the attack. Some victims manage to overcome the fallout within hours, others require weeks, and others must pay the ransom.

X post showing the Trigona attack on the 4 victims:
https://twitter.com/FalconFeedsio/status/1748306810485055717

Despite its relatively low profile, Trigona appears to be a very lucrative organization, with significant gains, especially during its first months of operation. According to anonymous sources, Trigona would get a ransom payment rate of up to 50%.

This is considerably higher than many other ransomware actors, some of which can’t get past 20%. Such a difference is attributed to Trigona’s MO and propensity for collaborating with affiliates and other cyber-hacking organizations.

What to Know About Trigona Ransomware

Independent investigation agencies have discovered links between Trigona and BlackCat, also known as ALPHV ransomware. These links go beyond hints of collaboration and include programming similarities as well.

Because of this, the suggestion is that Trigona may be BlackCat’s brainchild, allowing the latter to operate anonymously. The recent string of attacks attributed to Trigona comes as a warning sign, showcasing the organization’s adaptability and resilience.

That’s because the Ukrainian Cyber Alliance, the famous pro-Ukrainian hacktivist group, announced back in October of 2023 that it had managed to take down Trigona’s leak site. This was the website that Trigona was using to post stolen data.

Additionally, the Ukrainian group stated that it had cracked down on the hacktivists and destroyed their operations. Not surprisingly, Trigona emerged just fine shortly after and resumed its operations. This is standard with most hacktivist groups.

Most manage to overcome any impediments relatively fast and resume their activity shortly.
