December 2, 2023

A group of pro-Ukraine hacktivists known as the Ukrainian Cyber Alliance says it has taken down the leak site run by the Trigona ransomware group.

According to the spokesperson for the alliance, who goes by the online alias “herm1t,” the hacktivists wiped out 10 of the Trigona gang’s servers, defaced its website and exfiltrated data about the cybercrime operation.

“Their entire infrastructure is completely blown away,” herm1t said on Tuesday in a Facebook post. This includes the site’s administrative panel, landing page, blog, internal server, cryptocurrency wallets and developer servers.

The spokesperson, who also uses the name Sean Townsend, claims that the alliance treated Trigona just as the gang had treated its victims. “Welcome to the world you created for others!” herm1t wrote on X, formerly Twitter.

Trigona Leaks is a dark web “name-and-shame” extortion blog allegedly operated by the Trigona ransomware group. As of March, the site advertised stolen data from four victims located in the U.S. and Europe, according to Dmitry Smilyanets, a product management director at Recorded Future, the cybersecurity company that is the parent of Recorded Future News.

“They were a real threat,” Smilyanets said.

Herm1t told Recorded Future News that the group plans to go through the obtained data themselves and possibly, in the future, share some of it or pass it on to other researchers.

Last week, herm1t claimed to have hacked the Trigona group’s account on the Confluence collaboration platform run by the software company Atlassian.

“This revelation stirred significant attention, highlighting that even ransomware gangs are using platforms like Confluence,” said threat intelligence platform FalconFeeds.

Known for tough deadlines

The Trigona ransomware family was first observed in June 2022. It mostly targeted tech, healthcare and banking companies in the U.S., India, Israel, Turkey, Brazil and Italy, according to a report by cybersecurity firm Trend Micro.

Trigona attempts to extort its targets with intimidating time requirements, said researchers at SentinelOne. Victims are then led to a payment portal on the dark web, where the group prefers to accept the Monero cryptocurrency.

The threat actor behind Trigona might have a connection to the Russia-linked AlphV group, also known as BlackCat, researchers said.

“We believe that any similarities between Trigona and BlackCat ransomware are only circumstantial,” Trend Micro said. “One possibility is that ALPHV collaborated with the threat actors deploying Trigona but weren’t actually involved with its development and operation.”


Daryna Antoniuk is a freelance reporter for Recorded Future News based in Ukraine. She writes about cybersecurity startups, cyberattacks in Eastern Europe and the state of the cyberwar between Ukraine and Russia. She previously was a tech reporter for Forbes Ukraine. Her work has also been published at Sifted, The Kyiv Independent and The Kyiv Post.