Fortinet Inc.

02/02/2023 | Press release | Distributed by Public on 02/02/2023 10:22

Ransomware Roundup – Trigona Ransomware

On a bi-weekly basis, FortiGuard Labs gathers data on ransomware variants of interest that have been gaining traction within our datasets and the OSINT community. The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants.

This latest edition of the Ransomware Roundup covers the Trigona ransomware.

Affected platforms: Microsoft Windows
Impacted parties: Microsoft Windows Users
Impact: Encrypts files on the compromised machine and demands ransom for file decryption
Severity level: High

Trigona Ransomware Overview

The Trigona ransomware variant was first reported in October 2022. Trigona has adopted the double-extortion methodology of encrypting endpoints and/or other infrastructure of value within an organization and then threatening to release exfiltrated data from those machines on the internet if a ransom is not paid. As proof that users can get affected files back, the Trigona threat actor offers free decryption of up to three files.

Some public reports suggest Trigona ransomware activity picked up towards the end of 2022.

Trigona Ransomware Infection Vector

While the infection vector has not been identified, suspected distribution methods include deployment via other malware distributed through email, Remote Desktop Protocol (RDP), and the exploitation of vulnerabilities.

Trigona Ransomware Execution

When launched, the ransomware encrypts files on compromised machines and adds a "._locked" file extension to those encrypted files.
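
As an added example (not part of the FortiGuard Labs report), one way to hunt for this behavior is to flag any process that appends "._locked" to many distinct files within a short time window. The event tuple layout, process paths, threshold and window below are constructed assumptions, not values from the report.

```python
from collections import defaultdict, deque

SUFFIX = "._locked"  # extension the report says is added to encrypted files

def detect_locked_bursts(events, threshold=5, window=10):
    """Return {process: alert_time} for each process that renamed at least
    `threshold` distinct files to a '._locked' name within `window` seconds.
    threshold and window are illustrative assumptions, not from the report."""
    recent = defaultdict(deque)  # process -> (time, new_path) inside window
    alerts = {}
    for ts, proc, old, new in sorted(events):
        old, new = old.lower(), new.lower()  # Windows paths ignore case
        # Only count renames that add the suffix to a not-yet-suffixed file.
        if not new.endswith(SUFFIX) or old.endswith(SUFFIX):
            continue
        q = recent[proc]
        q.append((ts, new))
        while ts - q[0][0] > window:  # drop renames older than the window
            q.popleft()
        if proc not in alerts and len({p for _, p in q}) >= threshold:
            alerts[proc] = ts
    return alerts

# Constructed sample events: (epoch_seconds, process_image, old_path, new_path)
DOCS = r"C:\Users\alice\Documents"
SAMPLE_EVENTS = [
    (100 + i, r"C:\Temp\sample.exe", rf"{DOCS}\f{i}.docx", rf"{DOCS}\f{i}.docx._locked")
    for i in range(5)
] + [
    (105, r"C:\Temp\sample.exe", rf"{DOCS}\f5.xlsx", rf"{DOCS}\f5.xlsx._LOCKED"),
    # A single manual rename must not raise an alert.
    (50, r"C:\Windows\explorer.exe", rf"{DOCS}\notes.txt", rf"{DOCS}\notes.txt._locked"),
] + [
    # Five renames spread over minutes stay below the burst threshold.
    (i * 30, r"C:\Tools\slow.exe", rf"{DOCS}\s{i}.txt", rf"{DOCS}\s{i}.txt._locked")
    for i in range(5)
]

if __name__ == "__main__":
    for proc, ts in detect_locked_bursts(SAMPLE_EVENTS).items():
        print(f"ALERT t={ts}: {proc} mass-renamed files to *{SUFFIX}")
```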