Trigona Ransomware Group
| Attribute | Value |
|---|---|
| Actor Type | Criminal Group |
| Directly Linked Intrusion Sets | CryLock Ransomware Group, Cryakl Ransomware Group |
The Trigona Ransomware group reportedly began operations in 2022 and targets both Windows and Linux systems.
Some researchers indicate that there is some overlap in tactics, techniques and procedures (TTPs) with the CryLock ransomware operators.
Trigona Ransomware Group Threat Reports
Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
This report by The DFIR Report outlines a Trigona Ransomware attack. It describes how the actors went from initial access (via exposed RDP) to data ...
References
https://www.trendmicro.com/en_us/research/23/f/an-overview-of-the-trigona-ransomware.html
https://unit42.paloaltonetworks.com/trigona-ransomware-update/
https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/

MITRE ATT&CK Techniques
MITRE ATT&CK techniques observed in use by this intrusion set.
| ATT&CK ID | Title | Associated Tactics |
|---|---|---|
| T1547.001 | Registry Run Keys / Startup Folder | Persistence, Privilege Escalation |
| T1105 | Ingress Tool Transfer | Command and Control |
| T1570 | Lateral Tool Transfer | Lateral Movement |
| T1112 | Modify Registry | Defense Evasion |
| T1567.002 | Exfiltration to Cloud Storage | Exfiltration |
| T1562.001 | Disable or Modify Tools | Defense Evasion |
| T1083 | File and Directory Discovery | Discovery |
| T1135 | Network Share Discovery | Discovery |
| T1033 | System Owner/User Discovery | Discovery |
| T1069.002 | Domain Groups | Discovery |
| T1018 | Remote System Discovery | Discovery |
| T1486 | Data Encrypted for Impact | Impact |
| T1021.001 | Remote Desktop Protocol | Lateral Movement |
| T1059.001 | PowerShell | Execution |
| T1059.003 | Windows Command Shell | Execution |
| T1133 | External Remote Services | Initial Access, Persistence |
| T1078 | Valid Accounts | Defense Evasion, Initial Access, Persistence, Privilege Escalation |