Arete’s research team recently discovered the growing threat posed by Trigona ransomware
Arete, a leading global cyber risk management company, has recently released a report analyzing the potential threat of the New Trigona Ransomware and the possible ways organizations can build their response potential. The intent is to help companies remain up-to-date with the latest threat developments and strengthen their defenses.
Trigona is a new threat group and currently attempting to be more prevalent. Therefore, its tactics, techniques, and procedures are highly unpredictable and are still evolving. Since its inception, Arete closely monitored this threat group’s activity.
The Trigona Ransomware is believed to be within the same realm as ALPHV and is allegedly capitalizing on the weakness in the Zoho ManageEngine ADSelfService Plus. Arete identified a connection between Trigona and ALPHV, suggesting the possibility of administrative collaboration between the two highly sophisticated threat actors. There is a strong possibility that Trigona is leveraging ALPHV’s reputation and data leak site as a pressure tactic.
As per the CERT-In report, Ransomware attacks in India log in 51% spike in the first half of FY22. The Ransomware-As-A-Service (RAAS) ecosystem is evolving with sophisticated double and triple extortion tactics and a wide range of ransomware campaigns through affiliates. Threat actors are leveraging tools already available in the cyber environment rather than making custom tools and malware.
Impact assessment of Trigona Ransomware
Trigona allows threat actors to gain control over systems compromised by the introduction of malicious codes. They can then upload and execute arbitrary files and remote code execution on the affected installations of host systems. Once the threat network is identified, a PowerShell command downloads a file to install the ScreenConnect remote desktop tool.
Like other threats, regular data backup is the first step towards protecting and ensuring business continuity. However, testing the backup at regular intervals without fail is imperative. Arete offers state-of-the-art network restoration services in the event of such an attack. Maintaining adequate network hygiene, including facets like Multi-Factor-Authentication (MFA), potent password combination and rotation, and closed RDP ports, is also essential.
AI and ML can also be utilized for endpoint detection and response (EDR) solutions. This helps in real-time and more autonomous prevention, detection, and recovery from threats. An incident response plan and business continuity plan are essential to building resilience capacity.