A United States government agency warned about Trinity ransomware, known for extorting crypto from its victims in exchange for not leaking data accessed via several attack vectors.
On Oct. 4, the US Health Sector Cybersecurity Coordination Center (HC3) published a profile of Trinity ransomware, a threat actor that targets sensitive data. The attackers use phishing emails, malicious websites and software vulnerabilities to trick victims into installing the ransomware on their computers.
It then searches the computer for sensitive information, collects it, and sends it to hackers. The ransomware also encrypts the victim’s files with an algorithm, rendering them useless.
After encrypting the files, the ransomware generates a note telling its victims it has extracted and encrypted their data, demanding payment in exchange for a decryption key.
Hackers threaten victims to pay within 24 hours
The note also tells victims they have 24 hours to pay in crypto or their data will be leaked. HC3 wrote:
“Victims have 24 hours to contact the cybercriminals, and failure to do so will result in the stolen data being leaked or sold. Unfortunately, no known decryption tools are currently available for Trinity ransomware, leaving victims with few options.”
HC3 said Trinity ransomware targets critical infrastructure, such as health-care providers. The government agency said seven organizations had fallen victim to the ransomware. “HC3 is aware of at least one healthcare entity in the United States that has fallen victim to Trinity ransomware recently,” HC3 reported.
Related: DHS says it thwarted more than 500 crypto ransom attacks in 3 years
Ransomware crypto payments reached $1 billion in 2023
Chainalysis’ 2024 Crypto Crime Report showed that in 2023, high-profile institutions and infrastructure had paid about $1.1 billion in crypto to ransomware attackers. The report said many actors carried out attacks last year, ranging from individuals and smaller crime groups to large-scale syndicates.
The report also said that 538 new ransomware variants were created in 2023 and that large companies like the BBC and British Airways were targeted.
Magazine: Asia Express: WazirX hackers prepped 8 days before attack, swindlers fake fiat for USDT