Trigona

Posted: December 24, 2023
from Cybersecurity Glossary
Aliases:
Win32:RansomX-gen [Ransom], Variant.Fragtor.168126, Trojan-Ransom.Win32.Generic, Trojan:Win32/Wacatac.B!ml, Ransom:Win32/Trigona.SA!MTB, Generic.Ransom.Trigona.A.A4161FC2 (B)
Category:
Platform:
Windows , Linux
Variants:
Linux variant
Damage:
Loss Of Sensitive Data, Loss Of Operations, Data Leaked To The Public, Fines For A Data Breach, Money Lost To Ransom, Stolen Credentials
Risk Level:
High

Emerging in June 2022, Trigona gained recognition from cybersecurity experts by October 2023. Initially targeting Windows SQL servers, variants adapted for Linux exploitation were detected in 2023. The Ukrainian Cyber Alliance (UCA) hacktivist group claimed successful disruption of Trigona's operations in October 2023.

Possible symptoms

  • Unusual system file modifications and extensions.
  • Frequent file access errors or inability to open files.
  • System performance degradation, particularly on SQL servers.
  • Appearance of ransom notes demanding payment for file decryption.
  • Unexpected network traffic, especially to suspicious IP addresses.

Sources of the infection

  • Phishing emails with malicious attachments targeting SQL server administrators.
  • Exploitation of known vulnerabilities in Windows and SQL server software.
  • Compromised third-party applications and plugins used in SQL server environments.
  • Drive-by downloads from compromised or malicious websites.
  • Infected external storage devices connected to SQL servers.
  • Unauthorized access through weak or leaked credentials.

Overview

Trigona is a ransomware variant known by various aliases such as Win32:RansomX-gen [Ransom], Variant.Fragtor.168126, Trojan-Ransom.Win32.Generic, Trojan:Win32/Wacatac.B!ml, Ransom:Win32/Trigona.SA!MTB, Generic.Ransom.Trigona.A.A4161FC2 (B). It poses a significant threat with the potential for severe consequences, including the loss of sensitive data, operational disruptions, data leaks to the public, fines for data breaches, financial losses due to ransom payments, and stolen credentials.

Emerging onto the cybersecurity scene in June 2022, Trigona garnered attention from experts by October 2023. Initially focusing on Windows SQL servers, the ransomware later evolved to include variants targeting Linux systems. Notably, the Ukrainian Cyber Alliance (UCA) hacktivist group claimed successful disruption of Trigona's operations in October 2023.

Trigona manifests through various symptoms, including unusual system file modifications, frequent file access errors, system performance degradation (particularly on SQL servers), ransom notes demanding payment, and unexpected network traffic to suspicious IP addresses.

The ransomware spreads through phishing emails with malicious attachments targeting SQL server administrators, exploitation of known vulnerabilities in Windows and SQL server software, compromised third-party applications and plugins used in SQL server environments, drive-by downloads from compromised or malicious websites, infected external storage devices connected to SQL servers, and unauthorized access through weak or leaked credentials.

If you suspect Trigona infection, it's crucial to isolate the affected system from the network, refrain from paying the ransom, utilize Gridinsoft Anti-Malware for scanning and removal, and restore files from backups created before the infection occurred.

To prevent Trigona infections, regular updates and patches for operating systems and software are essential to address vulnerabilities. Implementing network segmentation helps contain the spread of ransomware. Strong, unique passwords and multi-factor authentication protect credentials, while regular backups stored securely offline provide a safeguard. Educating users about phishing techniques and the importance of avoiding suspicious email attachments or links also plays a vital role in prevention.

🤔 What to do?

If you suspect your system is infected with Trigona ransomware:

  • Isolate the affected system from the network to prevent further spread.
  • Do not pay the ransom, as it does not guarantee file recovery and funds the attackers.
  • Use Gridinsoft Anti-Malware to scan and remove the ransomware.
  • Restore files from backups that were created before the infection occurred.

🛡️ Prevention

To prevent Trigona ransomware infections:

  • Regularly update and patch operating systems and software to address vulnerabilities.
  • Implement network segmentation to contain the spread of ransomware.
  • Use strong, unique passwords and enable multi-factor authentication to protect credentials.
  • Back up important data regularly and store backups in a secure, offline location.
  • Educate users about phishing techniques and the importance of avoiding suspicious email attachments or links.

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Gridinsoft Anti-Malware