There is a new ransomware (opens in new tab) operator in town, and this one is making a name for itself rather quickly. Cybersecurity researchers from the MalwareHunterTeam have recently discovered a group that was previously unbranded and relatively low-profile. Now, the group carries the name “Trigona” and has become highly active.
In the last couple of months, the threat actor managed to compromise and encrypt the files of a number of targets, including a real estate company and an entire German village, BleepingComputer has found, adding that the attacks have been increasing all over the world.
Paying in Monero
The details are scarce. The researchers are yet to determine exactly how Trigona compromises the endpoints in its target network, and whether or not they use a zero-day or known malware for the breach.
The exact ransom demand is also unknown, although as with other groups, Trigona most likely negotiates the price with its victims. After all, it set up a dedicated Tor site with a chat support window where victims can negotiate further.
What we do know is that the ransom must be paid in Monero, a privacy-oriented cryptocurrency whose transactions are very difficult to track. As such, hackers and cybercriminals are quite fond of it.
The publication also said it exfiltrates data to a third location and later threatens to release it if the demands aren’t met, although this is yet to be verified. At the moment, there are no active negotiations.
Trigona offers its victims the ability to decrypt five 5MB files for free, to demonstrate that its decryptor is legitimate and operational. However, cybersecurity researchers and law enforcement warn businesses against paying ransoms, for multiple reasons.
Paying the demand does not guarantee a full restoration of both network access and files, and does not guarantee that the company won’t be attacked again. Furthermore, paying the demand only motivates the threat actors to continue their operations.
Instead, businesses should opt for strong cybersecurity suites, regular backups, and employee education on the dangers of cybercrime.
Via: BleepingComputer (opens in new tab)