The Trigona ransomware operation has targeted numerous manufacturing, finance, agriculture, construction, marketing, and technology firms in the U.S., France, Germany, Italy, Australia, and New Zealand since it emerged in October, with 15 or more organizations potentially impacted in December alone, SecurityWeek reports.
Trigona ransomware encrypts files using a Delphi AES library and establishes persistence on its own while altering registry keys to enable the deployment of an .hta ransom note, according to a report from Palo Alto Networks' Unit 42 team.
Trigona attacks also make use of several tools, including NetScan, Mimikatz, and Advanced Port Scanner. The operation was also found to share tactics, techniques, and procedures with CryLock ransomware.
"Trigona is a newer strain of ransomware that, to date, has had minimal coverage by security news articles. This lack of security community awareness allows Trigona to discreetly attack victims while other higher-profile ransomware operations dominate the news headlines," said Unit 42.
Global attacks launched by Trigona ransomware