New ransomware, Trigona spotted by Malware Hunter Team

Share post:

The Malware Hunter Team claims to have discovered Trigona, a new encrypting ransomware variant. The malware appears to be a rebranded variant of an older ransomware strain. And this hacking group is unique in that they accept Monero as ransom payments.

Trigona was a well-known game hosted on Chinese servers that operated under the same name until September 2020. It also accepts command line arguments that specify whether local or network files should be encrypted, whether a Windows autorun key should be added, and whether a test victim ID (VID) or campaign ID (CID) should be used.

It uses command line arguments: /full /!autorun /test_cid /test_vid /path /!local /!lan /autorun_only and encrypts all files on a device except those in specific folders, such as the Windows and Program Files folders, then renames the encrypted files to use the ._locked extension. The ransomware also embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

It is unclear, however, how the operation breaches networks or deploys ransomware. However, it is known that it sends out ransom notes called how to decrypt.hta, which contain information about the attack, a link to the Tor negotiation site, and a link that copies an authorization key into the Windows clipboard, which is required to log in to the Tor negotiation site.

The sources for this piece include an article in BleepingComputer.

Featured Tech Jobs



Related articles

Kaspersky uncovers malware targeting iPhones running iOS 15.7 and below

Kaspersky has uncovered a sophisticated malware campaign specifically designed to infect iPhones running up to iOS 15.7 through...

WordPress fixes critical Jetpack plugin vulnerability

WordPress has addressed a critical flaw discovered in the Jetpack plugin, which had the potential to enable authors...

Akamai discovers Dark Frost botnet exploiting gaming platforms

Akamai's security intelligence response team recently has alerted the general public of Dark Frost, a botnet that has...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways