New ransomware, Trigona spotted by Malware Hunter Team

The Malware Hunter Team claims to have discovered Trigona, a new encrypting ransomware variant. The malware appears to be a rebranded variant of an older ransomware strain. And this hacking group is unique in that they accept Monero as ransom payments.

Trigona was a well-known game hosted on Chinese servers that operated under the same name until September 2020. It also accepts command line arguments that specify whether local or network files should be encrypted, whether a Windows autorun key should be added, and whether a test victim ID (VID) or campaign ID (CID) should be used.

It uses command line arguments: /full /!autorun /test_cid /test_vid /path /!local /!lan /autorun_only and encrypts all files on a device except those in specific folders, such as the Windows and Program Files folders, then renames the encrypted files to use the ._locked extension. The ransomware also embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

It is unclear, however, how the operation breaches networks or deploys ransomware. However, it is known that it sends out ransom notes called how to decrypt.hta, which contain information about the attack, a link to the Tor negotiation site, and a link that copies an authorization key into the Windows clipboard, which is required to log in to the Tor negotiation site.

The sources for this piece include an article in BleepingComputer.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web