New ransomware, Trigona spotted by Malware Hunter Team

Share post:

The Malware Hunter Team claims to have discovered Trigona, a new encrypting ransomware variant. The malware appears to be a rebranded variant of an older ransomware strain. And this hacking group is unique in that they accept Monero as ransom payments.

Trigona was a well-known game hosted on Chinese servers that operated under the same name until September 2020. It also accepts command line arguments that specify whether local or network files should be encrypted, whether a Windows autorun key should be added, and whether a test victim ID (VID) or campaign ID (CID) should be used.

It uses command line arguments: /full /!autorun /test_cid /test_vid /path /!local /!lan /autorun_only and encrypts all files on a device except those in specific folders, such as the Windows and Program Files folders, then renames the encrypted files to use the ._locked extension. The ransomware also embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

It is unclear, however, how the operation breaches networks or deploys ransomware. However, it is known that it sends out ransom notes called how to decrypt.hta, which contain information about the attack, a link to the Tor negotiation site, and a link that copies an authorization key into the Windows clipboard, which is required to log in to the Tor negotiation site.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

Hackers Plant False Memories in ChatGPT to Steal User Data

A security researcher has uncovered a vulnerability in ChatGPT that could allow hackers to store false information and...

“Octo2” Trojan Targets Bank Accounts by Posing as VPN or Chrome Apps on Android

A new malware variant called “Octo2” is spreading across Android devices by posing as popular apps like NordVPN...

Evilginx – Open source tool can bypass Multi-Factor Authentication (MFA)

Security vendor Abnormal Security is reporting a new cybersecurity tool that is gaining traction among cybercriminals. The tool,...

Kaspersky’s exit from US market frightens some customers

Kaspersky, the Russian cybersecurity firm, has unexpectedly removed its antivirus software from U.S. customers' computers, replacing it with...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways