New ransomware, Trigona spotted by Malware Hunter Team

Share post:

The Malware Hunter Team claims to have discovered Trigona, a new encrypting ransomware variant. The malware appears to be a rebranded variant of an older ransomware strain. And this hacking group is unique in that they accept Monero as ransom payments.

Trigona was a well-known game hosted on Chinese servers that operated under the same name until September 2020. It also accepts command line arguments that specify whether local or network files should be encrypted, whether a Windows autorun key should be added, and whether a test victim ID (VID) or campaign ID (CID) should be used.

It uses command line arguments: /full /!autorun /test_cid /test_vid /path /!local /!lan /autorun_only and encrypts all files on a device except those in specific folders, such as the Windows and Program Files folders, then renames the encrypted files to use the ._locked extension. The ransomware also embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

It is unclear, however, how the operation breaches networks or deploys ransomware. However, it is known that it sends out ransom notes called how to decrypt.hta, which contain information about the attack, a link to the Tor negotiation site, and a link that copies an authorization key into the Windows clipboard, which is required to log in to the Tor negotiation site.

The sources for this piece include an article in BleepingComputer.

SUBSCRIBE NOW

Related articles

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways