Published: February 12, 2023 on our newsletter Security Fraud News & Alerts Newsletter.
Recently, MalwareHunterTeam found an outdated, unnamed ransomware was given new life. The Team found operators updated and improved the older ransomware to include enhanced ransom payment tactics, naming it Trigona. It’s believed Trigona is behind a growing number of ransomware attacks, to the point where those behind it have set up a chat support line for victims. As activity from Trigona is expanding, there’s more we can and should know about this ransomware.
How Trigona primarily infects a data system is currently unknown. Historically, favored routes for ransomware deployment include infected attachments and links sent via email phishing, pop-up windows including malvertising, drive-by downloads (a user unknowingly visits an infected website and infected files are downloaded without their knowledge), and network misconfigurations, to name a few.
Chat Support, Tor, and Monero
Steps the operators behind Trigona have put in place lead experts to believe the ransomware is digging in for a long life of cybercrime. They’ve invested in setting up a victim website on Tor, a dark web browser. It’s where Trigona has its chat support available, a place for its victims to ask questions and find answers about their ransomware attack. A thoughtful gesture? Not really, since the chat support exists to facilitate ransom payments the attackers demand being paid in Monero, a type of cryptocurrency favored by cybercriminals. The chat support also includes instructions on how to purchase and send Monero.
Email Phishing Security Tips
Since ransomware infections in general rely heavily on email phishing for infection, looking at how not to fall for this tricky and effective ransomware lure can help prevent becoming Trigona’s next victim.
Think before you click. Phishing emails carry malware attachments and malicious links in the message, and acting on them can be the first step to installing malware on a system.
Never open email attachments, especially when they’re unexpected. Attachment file types can include .docx, .pdf, .zip, and many more. Literally, no type of file should be excluded as carrying malware. Before opening, directly verify the sender is a trusted source. It’s as simple as making a phone call.
Look for any sense of urgency in an email. Hackers like to push us into acting quickly before there’s time to verify the email is legitimate.
Be aware of generic greetings, bad spelling or grammar in an email, as well as bad graphics such as a fuzzy company logo. A legitimate email shouldn’t have any typos, poor grammar, or questionable graphics.
Keep all software updated, especially for systems, anti-virus, and apps. Updates typically have fixes to security bugs that leave all types of software and devices open to attack
Keep up to date: Sign up for our Fraud alerts and Updates newsletter
Want to schedule a conversation? Please email us at advisor@nadicent.com