SYMBOLCOMMON_NAMEaka. SYNONYMS
win.trigona (Back to overview)

Trigona


According to PCrisk, Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth.

It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

References
2024-01-30ASECSanseo
Trigona Ransomware Threat Actor Uses Mimic Ransomware
Trigona
2023-12-22PRODAFTPRODAFT
Smoke and Mirrors: Understanding The Workings of Wazawaka
Conti Monti Babuk Hive LockBit RagnarLocker Trigona
2023-06-23TrendmicroArianne Dela Cruz, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Nathaniel Morales, Paul Pajares
An Overview of the Different Versions of the Trigona Ransomware
Trigona
2023-04-17AhnLabASEC
Trigona Ransomware Attacking MS-SQL Servers
Trigona
2023-03-16Palo Alto Networks Unit 42Frank Lee, Scott Roland
Bee-Ware of Trigona, An Emerging Ransomware Strain
Cryakl MimiKatz Trigona
2023-02-02FortinetShunichi Imano
Ransomware Roundup – Trigona Ransomware
Trigona

There is no Yara-Signature yet.