trigona
1 incidents
0 countries
0 sectors
ransomware RU Latest: 2026-06-25
Aliases: CryLock
Trigona is a financially motivated ransomware group whose first samples were observed in June 2022, though it gained wider recognition in late October 2022. The group operates under a Ransomware-as-a-Service (RaaS) model and is notable for its double extortion strategy, in which exfiltrated data is threatened with public release if the ransom is not paid. While its precise origins remain unknown, technical analysis indicates similarities in tactics, techniques, and procedures with CryLock ransomware. Trigona differentiates itself through its use of dynamic 4,112-bit RSA encryption and AES-256 in OFB mode, coupled with HTML Application (.hta) ransom notes. A notable shift in its operational model is the recent adoption of a custom-developed exfiltration tool, uploader_client.exe, replacing off-the-shelf utilities and improving its stealth and efficiency during data theft. Despite claims of a takedown in late 2023, Trigona affiliates quickly re-established operations, de
RansomLook pivots
Data, intelligence and external references for cross-checking the actor's ransomware activity.
Open profile →
Target countries (SOCRadar)
Austria
Australia
Belgium
Brazil
Canada
Chile
China
Colombia
Germany
Spain
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Software Publishers
Real Estate
Hospitals
Enterprises & Holding
Accommodation
Manufacturing
Construction
New URLs detected in IntelTracker