According to PCrisk, Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. It also drops a "how_to_decrypt.hta" file that opens a ransom note. For example, Trigona renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth.
It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.
2023-06-23 ⋅ Trendmicro ⋅ An Overview of the Different Versions of the Trigona Ransomware
2023-04-17 ⋅ AhnLab ⋅ Trigona Ransomware Attacking MS-SQL Servers
2023-03-16 ⋅ Palo Alto Networks Unit 42 ⋅ Bee-Ware of Trigona, An Emerging Ransomware Strain
Cryakl MimiKatz Trigona
2023-02-02 ⋅ Fortinet ⋅ Ransomware Roundup – Trigona Ransomware
There is no Yara-Signature yet.