Trigona (Malware Family)

Trigona

According to PCrisk, Trigona is ransomware that encrypts files and appends the "._locked" extension to filenames. Also, it drops the "how_to_decrypt.hta" file that opens a ransom note. An example of how Trigona renames files: it renames "1.jpg" to "1.jpg._locked", "2.png" to "2.png._locked", and so forth.

It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

References

2024-01-30 ⋅ ASEC ⋅ Sanseo
Trigona Ransomware Threat Actor Uses Mimic Ransomware
Trigona

2023-12-22 ⋅ PRODAFT ⋅ PRODAFT
Smoke and Mirrors: Understanding The Workings of Wazawaka
Conti Monti Babuk Hive LockBit RagnarLocker Trigona

2023-06-23 ⋅ Trendmicro ⋅ Arianne Dela Cruz, Ieriz Nicolle Gonzalez, Ivan Nicole Chavez, Nathaniel Morales, Paul Pajares
An Overview of the Different Versions of the Trigona Ransomware
Trigona

2023-04-17 ⋅ AhnLab ⋅ ASEC
Trigona Ransomware Attacking MS-SQL Servers
Trigona

2023-03-16 ⋅ Palo Alto Networks Unit 42 ⋅ Frank Lee, Scott Roland
Bee-Ware of Trigona, An Emerging Ransomware Strain
Cryakl MimiKatz Trigona

2023-02-02 ⋅ Fortinet ⋅ Shunichi Imano
Ransomware Roundup – Trigona Ransomware
Trigona

There is no Yara-Signature yet.

Trigona Propose Change

References

Trigona