Trinity: new virus wreaks havoc on US health care

Experts will have to find out what Trinity is: a mutant of old viruses or a new product.

US medical institutions have fallen victim to the new Trinity ransomware. According to the U.S. Department of Health and Human Services, the tactics and methods of the group behind Trinity pose a "significant threat" to the U.S. health and public health sector. Experts noted that the program was first discovered in May 2024.

According to reports, Trinity has harmed at least 7 organizations, 2 of which work in the field of healthcare. One of the victims was an American provider of gastroenterological services, from which 330 GB of data was stolen. The institution, which previously posted a report of technical problems and limited access to phone systems, has not yet been identified, but is mentioned on the Trinity leak site. Another case was recorded in the UK. In addition, the researchers reported another incident involving a group of dentists from New Jersey.

Experts draw attention to the similarity of Trinity with two other types of ransomware - 2023Lock and Venus. This indicates possible cooperation between cybercriminal groups. Like other similar programs, Trinity uses known vulnerabilities for data theft and extortion.

Once installed, the program collects system data, including information about processors and connected drives, and then scans the network for vulnerabilities it can use to spread further. Encrypted files receive the "trinitylock" extension, after which a ransom note appears on the desktop or in the folders containing the encrypted data.
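The one concrete indicator the report gives is the "trinitylock" extension. The following added example (not code from the article) runs a simple burst detection over constructed file-rename events: a host that renames several files to that extension within a short window is flagged. Host names, timestamps and paths are constructed sample data.

```python
"""Flag hosts where many files gain the ".trinitylock" extension in a short window.
Added example with constructed sample events; not code from the original article."""
from collections import defaultdict
from datetime import datetime, timedelta

EXT = ".trinitylock"  # extension reported for Trinity-encrypted files

# Constructed file-rename events: (host, ISO timestamp, new file path).
EVENTS = [
    ("ws-01", "2024-05-10T09:00:01", r"C:\Users\a\Documents\report.docx.trinitylock"),
    ("ws-01", "2024-05-10T09:00:02", r"C:\Users\a\Documents\budget.xlsx.trinitylock"),
    ("ws-01", "2024-05-10T09:00:04", r"C:\Users\a\Documents\notes_v2.txt"),  # benign rename
    ("ws-01", "2024-05-10T09:00:05", r"C:\Users\a\Pictures\scan.pdf.trinitylock"),
    ("ws-01", "2024-05-10T09:00:07", r"C:\Users\a\Pictures\photo.jpg.trinitylock"),
    ("ws-02", "2024-05-10T09:10:00", r"D:\archive\old.bak.trinitylock"),      # single hit
    ("ws-03", "2024-05-10T08:00:00", r"C:\tmp\a.trinitylock"),
    ("ws-03", "2024-05-10T09:00:00", r"C:\tmp\b.trinitylock"),                 # far apart
]


def trinitylock_bursts(events, threshold=3, window=timedelta(minutes=5)):
    """Return {host: peak_count} for hosts with >= threshold renames to EXT
    inside any sliding window of the given length. Non-matching paths ignored."""
    per_host = defaultdict(list)
    for host, ts, path in events:
        if path.lower().endswith(EXT):
            per_host[host].append(datetime.fromisoformat(ts))

    flagged = {}
    for host, times in per_host.items():
        times.sort()
        start, peak = 0, 0
        for end, t in enumerate(times):
            # Slide the window start forward until it fits within `window`.
            while t - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[host] = peak
    return flagged


if __name__ == "__main__":
    for host, count in trinitylock_bursts(EVENTS).items():
        print(f"ALERT {host}: {count} files renamed to {EXT} within 5 minutes")
```

In a real deployment the events would come from file-integrity monitoring or endpoint telemetry rather than an inline list; the detection logic stays the same.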

The program also tries to escalate its access rights by mimicking legitimate processes, allowing it to bypass security measures. Trinity scans the network and moves around it, infecting other systems.

The note contains instructions and a contact email address. Victims are given 24 hours to pay the ransom in cryptocurrency, otherwise the data will be released. Experts noted that at the moment there is no method of decrypting the data. The operators of the program use two sites: one to help those who have paid the ransom, and the second to showcase stolen data in order to pressure victims.

It was also found that the Trinity and Venus programs share common features in the codebase and encryption methods, which may indicate that Trinity is a new version of 2023Lock. Similar conclusions have been made by other researchers, who note that Trinity may be a rebrand of the Venus and 2023Lock programs.

To combat this threat, experts recommend segmenting networks, using backups and updating software.
