Trigona

Emerging in June 2022, Trigona gained recognition from cybersecurity experts by October 2023. Initially targeting Windows SQL servers, variants adapted for Linux exploitation were detected in 2023. The Ukrainian Cyber Alliance (UCA) hacktivist group claimed successful disruption of Trigona's operations in October 2023.

Overview

Trigona is a ransomware variant known by various aliases such as Win32:RansomX-gen [Ransom], Variant.Fragtor.168126, Trojan-Ransom.Win32.Generic, Trojan:Win32/Wacatac.B!ml, Ransom:Win32/Trigona.SA!MTB, Generic.Ransom.Trigona.A.A4161FC2 (B). It poses a significant threat with the potential for severe consequences, including the loss of sensitive data, operational disruptions, data leaks to the public, fines for data breaches, financial losses due to ransom payments, and stolen credentials.

Emerging onto the cybersecurity scene in June 2022, Trigona garnered attention from experts by October 2023. Initially focusing on Windows SQL servers, the ransomware later evolved to include variants targeting Linux systems. Notably, the Ukrainian Cyber Alliance (UCA) hacktivist group claimed successful disruption of Trigona's operations in October 2023.

Trigona manifests through various symptoms, including unusual system file modifications, frequent file access errors, system performance degradation (particularly on SQL servers), ransom notes demanding payment, and unexpected network traffic to suspicious IP addresses.

The ransomware spreads through phishing emails with malicious attachments targeting SQL server administrators, exploitation of known vulnerabilities in Windows and SQL server software, compromised third-party applications and plugins used in SQL server environments, drive-by downloads from compromised or malicious websites, infected external storage devices connected to SQL servers, and unauthorized access through weak or leaked credentials.

If you suspect Trigona infection, it's crucial to isolate the affected system from the network, refrain from paying the ransom, utilize Gridinsoft Anti-Malware for scanning and removal, and restore files from backups created before the infection occurred.

To prevent Trigona infections, regular updates and patches for operating systems and software are essential to address vulnerabilities. Implementing network segmentation helps contain the spread of ransomware. Strong, unique passwords and multi-factor authentication protect credentials, while regular backups stored securely offline provide a safeguard. Educating users about phishing techniques and the importance of avoiding suspicious email attachments or links also plays a vital role in prevention.