Fixed Intel
Back to Groups

trigona

INACTIVE

According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. Also, it drops the how_to_decrypt.hta file that opens a ransom note. An example of how Trigona renames files: it renames 1.jpg to 1.jpg._locked, 2.png to 2.png._locked, and so forth.It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.

0

Total Victims

First Seen

Unknown

Last Active

Unknown

Known Sites

4

Reference Links

[Ransomware Spotlight: Trigona](https://www.trendmicro.com/vinfo/us/security/news/ransomware-spotlight/ransomware-spotlight-trigona)[Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours](https://thedfirreport.com/2024/01/29/buzzing-on-christmas-eve-trigona-ransomware-in-3-hours/)