Trigona Ransomware
Under attack by ransomware or suffering a cyber breach?
Speed is critical when facing a live cyber attack. If you believe you’ve been compromised by the Trigona ransomware group or another threat actor, contact us immediately.
About Trigona ransomware group
Trigona ransomware, active since 2022, is a sophisticated ransomware variant linked to the CryLock ransomware family and believed to be operated by Russian threat actors.
Victims typically discover the breach through a ransom note that appears on their systems, alerting them that access has been blocked and file encryption has begun. The Trigona ransomware group then demands payment in cryptocurrency to restore access whilst threatening to leak sensitive data if the ransom is not paid.
What we can help with:
- Encrypted files & ransomware data recovery
- Incident response and containment
- Secure data restoration and system recovery
- Use of ransomware decryption tools and data recovery software
- Development of incident response plans and disaster recovery solutions
- Post-incident reviews and security hardening
Request a call back
If your organisation has been infected with ransomware contact us immediately.
How Trigona operators work
Trigona ransomware, first identified in June 2022, is linked to CryLock and possibly ALPHV/BlackCat, based on shared TTPs, payloads, and command line arguments.
These ransomware threat actors target industries like finance, legal, healthcare, and manufacturing, often gaining access through brute force attacks on RDP or unpatched vulnerabilities.
They use a data leak site for extortion, leaving behind encrypted files, .dat artefacts, and signs of registry tampering. Attacks involve malicious batch files, autorun entries, and advanced port scanning of network shares.
Victims report suspicious logs, unusual file names, and activity tied to weak user credentials. RDP abuse is common, with IP addresses and connection logs found during forensic analysis.
We are equipped to deal with an attack from any ransomware group.
Don’t hesitate to contact us if you are under attack from a ransomware group not listed above.
Recognising a Trigona attack
Trigona ransomware attacks typically begin with initial access via Remote Desktop Protocol or through network access brokers. Once inside the network, the threat actors perform lateral movement to compromise critical systems such as SQL servers, file servers, and remote desktop users. After embedding themselves, the encryption process begins, appending custom file extensions to local files, and generating a tailored ransom note containing a victim ID, computer ID, and ransom instructions.
Using a double extortion scheme, the Trigona operators not only render files inaccessible but also exfiltrate sensitive data, including internal documents and personally identifiable information.
To further evade detection, Trigona ransomware binaries use command line tools and a debug mode, and disable Windows Defender, making this ransomware variant particularly challenging to stop.
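The sections above describe Trigona initial access through brute-forced RDP credentials, with the evidence surviving as connection logs and source IP addresses. The detector below is an added example (not code from the original page or from Zensec) that looks for that pattern in Windows Security logon events: a burst of failed logons (event 4625) from one source IP followed by a successful RDP logon (event 4624, logon type 10) from the same IP. The `key=value` log format and the IP addresses are constructed for the example and are not real telemetry.

```python
"""Flag RDP brute-force bursts that end in a successful logon.

Added example: the log format below is constructed (one key=value record per
line), not a real Windows export. Event 4625 = failed logon, 4624 = successful
logon, logon type 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

RDP_LOGON_TYPE = 10


@dataclass
class LogonEvent:
    time: datetime
    event_id: int      # 4624 success, 4625 failure
    user: str
    source_ip: str
    logon_type: int    # 10 = RemoteInteractive (RDP)


def parse_event(line: str) -> LogonEvent:
    """Parse one constructed 'key=value' record into a LogonEvent."""
    fields = dict(part.split("=", 1) for part in line.split())
    return LogonEvent(
        time=datetime.strptime(fields["time"], "%Y-%m-%dT%H:%M:%S"),
        event_id=int(fields["event"]),
        user=fields["user"],
        source_ip=fields["ip"],
        logon_type=int(fields["type"]),
    )


def find_rdp_bruteforce(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Return alerts as (source_ip, user, failures_in_window, success_time).

    An alert fires when a successful RDP logon from IP X is preceded, within
    `window`, by at least `fail_threshold` failed logons from the same IP.
    Failed logons from other IPs never count towards X.
    """
    events = sorted(events, key=lambda e: e.time)
    failures = defaultdict(list)  # source_ip -> timestamps of failed logons
    alerts = []
    for ev in events:
        if ev.event_id == 4625:
            failures[ev.source_ip].append(ev.time)
        elif ev.event_id == 4624 and ev.logon_type == RDP_LOGON_TYPE:
            recent = [t for t in failures[ev.source_ip] if ev.time - t <= window]
            if len(recent) >= fail_threshold:
                alerts.append((ev.source_ip, ev.user, len(recent), ev.time))
                failures[ev.source_ip].clear()  # one alert per burst
    return alerts


# Constructed sample: six failed guesses from 203.0.113.5 (an RFC 5737
# documentation address) followed by a successful RDP logon as 'backup',
# plus a single benign typo from 198.51.100.7 that must not alert.
SAMPLE_LOG = """\
time=2024-01-10T02:00:01 event=4625 user=administrator ip=203.0.113.5 type=10
time=2024-01-10T02:00:09 event=4625 user=admin ip=203.0.113.5 type=10
time=2024-01-10T02:00:17 event=4625 user=backup ip=203.0.113.5 type=10
time=2024-01-10T02:00:25 event=4625 user=sqlsvc ip=203.0.113.5 type=10
time=2024-01-10T02:00:33 event=4625 user=backup ip=203.0.113.5 type=10
time=2024-01-10T02:00:41 event=4625 user=backup ip=203.0.113.5 type=10
time=2024-01-10T02:01:05 event=4624 user=backup ip=203.0.113.5 type=10
time=2024-01-10T02:05:00 event=4624 user=backup ip=203.0.113.5 type=3
time=2024-01-10T09:14:00 event=4625 user=jsmith ip=198.51.100.7 type=10
time=2024-01-10T09:14:20 event=4624 user=jsmith ip=198.51.100.7 type=10
"""


def analyse_sample():
    """Run the detector over the constructed sample and return its alerts."""
    events = [parse_event(line) for line in SAMPLE_LOG.splitlines() if line.strip()]
    return find_rdp_bruteforce(events)


if __name__ == "__main__":
    for ip, user, n_fail, when in analyse_sample():
        print(f"ALERT {ip}: {n_fail} failed logons then RDP success as {user} at {when}")
```

On real systems the same logic applies to Security log exports (e.g. CSV from Event Viewer) once the parser is swapped for the export format.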
Why you must not interfere with your ransomware environment
If you discover a physical break-in at your offices, your first instinct would be to call the police; touch nothing and let them search for clues. Then, your focus would shift to restoring business operations.
A cyber-attack requires the same approach. Your digital environment is a CRIME SCENE. It is crucial to leave the environment untouched to allow for a forensic investigation.
This is not a task for your IT team or MSP. Digital Forensic specialists are available 24/7 to assist you, just like in a physical crime.
| Description | Sector | Date Discovered | Attack Date | Country | Screenshot |
|---|---|---|---|---|---|
| Claro, a subsidiary of América Móvil, stands at the forefront of telecommunications innovation, recognizing the vital role of connectivity in shaping a better world. Originating from a public telephone company, Claro has evolved into a global connectivity, communication, and Information Technology solutions provider, driven by a commitment to continuous innovation and customer-centric services. | Business Services | 30/03/2024 05:55 PM | 30/03/2024 12:00 PM | MX | View |
| South Star Electronics Co., Ltd. is a prominent electronics company based in Dongguan City, China. Specializing in the design, manufacturing, and distribution of electronic products, SouthStar Electronics has established itself as a leading player in the industry. | Technology | 20/03/2024 01:21 AM | 20/03/2024 12:00 PM | CN | View |
| Indoarsip is a leading provider of archival solutions, dedicated to preserving and managing critical documents and records for organizations across Indonesia. With a strong presence in the archiving industry, Indoarsip offers comprehensive services and innovative technologies to meet the diverse needs of its clients. | Business Services | 16/03/2024 07:21 PM | 16/03/2024 12:00 PM | ID | View |
| Bwizer is a prominent entity known for its dedication to advancing the fields of healthcare and wellness education. With a stronghold in Portugal, Bwizer has emerged as a leading platform providing comprehensive educational resources and training programs tailored to professionals in the healthcare and wellness sectors. Founded with a vision to bridge the gap between traditional education and the evolving needs of modern healthcare practices, Bwizer offers a diverse range of courses, workshops, and events designed to empower professionals with the latest knowledge and skills. | Healthcare | 16/03/2024 07:20 PM | 16/03/2024 12:00 PM | PT | View |
| Topa Electrical, led by Electrical Inspector Jeff Zhao, boasts a rich legacy of over a decade in providing top-notch electrical services to the Canterbury region in New Zealand. With a steadfast commitment to excellence and a focus on building enduring relationships with clients, Topa Electrical has emerged as a trusted name in the industry. | Not Found | 16/03/2024 05:49 PM | 16/03/2024 12:00 PM | NZ | View |
| ATMCo is a reputable tax management company based in Broken Arrow, Oklahoma. With a commitment to simplifying tax-related processes for businesses and individuals, ATMCo offers comprehensive services in tax preparation, bookkeeping, and accounting. Company is headquartered at 2220 W Houston St Ste A, Broken Arrow, Oklahoma. Situated in a convenient location, the company is easily accessible to clients seeking professional tax management services. | Technology | 15/03/2024 04:19 PM | 21/02/2024 10:00 AM | US | View |
| Established in 1970, Dinamic Oil S.p.A. is a renowned Italian manufacturer specializing in hoisting winches and planetary gearboxes. With its headquarters in Modena, the company has flourished over the years, solidifying its position in the global market through three production units, eight subsidiaries across Europe, the Americas, and Asia, and an extensive network of distributors worldwide. | Manufacturing | 28/02/2024 11:51 PM | 28/02/2024 10:00 AM | IT | View |
| Welcome to the Boutique Hospitality Collection, where every property offers a unique and unforgettable experience for guests seeking comfort, convenience, and charm. From the cosmopolitan streets of Lisbon to the historic city center of Pamplona, our collection of hotels and hostels promises exceptional accommodations and personalized service. | Hospitality and Tourism | 28/02/2024 10:19 PM | 28/02/2024 10:00 AM | ES | View |
| América Móvil, S.A.B. de C.V. ("América Móvil" or "the Company") stands as one of the foremost telecommunications conglomerates globally, with its roots firmly planted in Mexico. Established in 2000, it emerged from the wireless operations spun off by Teléfonos de México, S.A.B. de C.V. ("Telmex"), a pivotal moment that marked its inception into the competitive telecommunications landscape. | Business Services | 14/02/2024 12:11 PM | 25/01/2024 10:00 AM | MX | View |
| Founded in 1991, Falco Electronics is a prominent designer and manufacturer specializing in a diverse range of magnetic-based electronic components and assemblies. With operations established in the USA, Mexico, China, and India, Falco has been a key player in the industry for over three decades. Renowned for its ability to deliver effective solutions, Falco has earned the status of a preferred supplier in the power conversion, energy metering, and solar inverter sectors. | Technology | 14/02/2024 12:11 PM | 30/01/2024 10:00 AM | MX | View |
| AUSA, established in 1956 by four visionary individuals driven by a passion for engines, has evolved into a global force in compact all-terrain machines. With a profound history and an expansive presence, the company boasts a network of 600 dealers, operating in 90 countries across five continents. | Manufacturing | 31/01/2024 09:06 AM | 11/01/2024 10:00 AM | ES | View |
| Genesis Motors Isuzu UTE, situated in Lilydale, South East Melbourne, Victoria, stands as a premier Isuzu UTE dealership in Australia. Established initially in Ringwood in March 2011, Genesis Motors has rapidly grown under the leadership of Dealer Principal, Sumil Salgadoe, who began his journey with Isuzu UTE Australia in Brisbane in 2008. With a profound belief in the quality and reliability of Isuzu UTE products, Salgadoe ventured to establish Genesis Motors Isuzu UTE, offering the renowned Isuzu D-MAX UTE and Isuzu MU-X SUV. In response to the company's exponential growth in 2016, Genesis Motors expanded its office space, prompting a relocation to Lilydale, Victoria. | Manufacturing | 31/01/2024 09:05 AM | 29/01/2024 10:00 AM | AU | View |
| Established in 1986, CMG Drainage Engineering stands as a prominent Civil Engineering consulting firm nestled in Tucson, Arizona, United States. For over three decades, CMG has been dedicated to providing exceptional water resource engineering services to both public and private sectors across Central and Southern Arizona. Strategically headquartered at 3555 North Mountain Avenue in Tucson, CMG oversees and manages a wide array of projects, offering comprehensive solutions tailored to meet the diverse needs of its clientele. | Business Services | 31/01/2024 09:04 AM | 30/01/2024 10:00 AM | US | View |
| Daher Contracting stands as the foremost excavation and site development contractor serving Okaloosa and Walton County. With roots dating back to January 1998, Daher has consistently upheld a commitment to delivering superior quality, cost-efficient results, and meeting even the most rigorous project schedules. | Business Services | 31/01/2024 09:03 AM | 30/01/2024 10:00 AM | US | View |
| J.F. Lomma, Inc. is a distinguished provider of crane services, offering a wide range of equipment and rigging solutions to meet the evolving needs of the construction industry. With a commitment to excellence and customer satisfaction, J.F. Lomma, Inc. strives to exceed expectations and build long-term relationships with clients. | Business Services | 29/01/2024 06:10 PM | 25/01/2024 10:00 AM | US | View |
| PT Samuel Sekuritas Indonesia (SSI) is a prominent financial advisory company based in Jakarta, Indonesia. Established in 1992, the company operates as a full-service investment bank, offering a wide range of financial services to both institutional and retail clients. SSI adopts a selective approach in choosing its businesses and clients. | Financial | 18/01/2024 11:24 PM | 18/01/2024 11:24 PM | ID | View |
| Premier Facility Management (PFM) stands as a leader in sustainable green programs, offering customized and innovative solutions to meet the demands of today's environmentally conscious market. With a commitment to keeping it green, PFM specializes in sustainable by-product marketing, surplus material exchanges, and global outlets for recyclables. The company, founded in 1987, has built a highly reputable track record of donating reusable items to charity organizations. | Business Services | 18/01/2024 11:24 PM | 18/01/2024 11:24 PM | US | View |
| Fertility North, a leading fertility clinic, boasts a cohesive, multidisciplinary team of approximately 50 highly skilled and qualified staff. The collaborative approach of Fertility Doctors, Fertility Nurses, and Scientists, supported by Administration and Support staff, ensures that patients benefit from a wealth of combined knowledge and skill. Fertility North offers a comprehensive range of treatment options from its custom-designed, state-of-the-art facilities, strategically located away from the hustle and bustle of Perth's inner suburbs. The clinic's core values are deeply rooted in providing individualized care and guidance to patients, reflecting kindness, integrity, teamwork, and excellence. | Healthcare | 18/01/2024 11:23 PM | 18/01/2024 11:23 PM | AU | View |
| Founded in 2006, Vision Plast Group stands as a prominent player in the automotive, industrial, building, and home automation sectors. The group excels in providing comprehensive solutions for the automotive, construction, manufacturing, and home automation industries. With a focus on mono-material, bi-material, and over-molding injection molding products, Vision Plast Group has become synonymous with technical expertise and innovation. | Manufacturing | 18/01/2024 11:22 PM | 18/01/2024 11:22 PM | FR | View |
| | | 13/10/2023 01:21 PM | 13/10/2023 01:21 PM | | View |
| | | 12/10/2023 02:36 PM | 12/10/2023 02:36 PM | | View |
| Flamingo Holland is a Dutch-based flower company that specializes in growing, exporting, and wholesaling high-quality cut flowers, specifically, roses, peonies, tulips, and other seasonal flowers globally. The company was founded in 1985 and has since then become one of the leading flower companies in the Netherlands. | | 01/10/2023 04:36 PM | 01/10/2023 04:36 PM | NL | View |
| Aria Care Partners is a healthcare provider that offers post-acute care services to patients in Kansas. It was founded in 2016 and is headquartered in Overland Park, KS. Company specializes in post-acute care services such as transitional care, home health, and hospice care. It aims to provide customized care plans to help patients recover, regain independence, and improve their quality of life. | | 01/10/2023 04:35 PM | 01/10/2023 04:35 PM | | View |
| Portesa is a forward-thinking livestock company with a strong commitment to innovation, sustainability, and the circular economy. Company is dedicated to transforming raw materials into high-quality products directly at the source. The company operates in collaboration with Cartesa and Aire Sano, forming an integrated production process that sets the industry benchmark for product traceability throughout Europe. | | 01/10/2023 04:34 PM | 01/10/2023 04:34 PM | | View |
| Grupo Boreal plays a pivotal role in the healthcare industry, extending medical care to over 250,000 beneficiaries across thirteen provinces in the nation. Company is entrusted with the healthcare needs of over 11,000 residents in San Juan. It offers comprehensive coverage at competitive rates. | | 01/10/2023 04:33 PM | 01/10/2023 04:33 PM | | View |
| Quest International is a leading global post-sales service support partner for original equipment manufacturers (OEMs) across various industries, founded in 1982. Company offers services supporting OEM customers through depot repairs, field services, supply-chain logistics, and other professional services. | | 01/10/2023 04:33 PM | 01/10/2023 04:33 PM | | View |
| | | 15/09/2023 02:38 AM | 15/09/2023 02:38 AM | | View |
| | | 13/09/2023 02:43 PM | 13/09/2023 02:43 PM | | View |
| | | 05/09/2023 05:42 AM | 05/09/2023 05:42 AM | | View |
| | | 05/09/2023 05:42 AM | 05/09/2023 05:42 AM | | View |
| Public Health Management Corporation (PHMC) is a non-profit organisation providing public health services in Philadelphia, Pennsylvania. It was established in 1972 and has since served as a leading provider of comprehensive health and human services to individuals, families, and communities in the area. | | 06/06/2023 09:00 PM | 06/06/2023 09:00 PM | | - |
| Pacific Union College (PUC) is a private, Seventh-day Adventist college located in Angwin, California. It was established in 1882 and is accredited by the WASC Senior College and University Commission. | | 30/05/2023 08:00 PM | 30/05/2023 08:00 PM | | - |
| Marshall Construction Ltd is a construction company established in 1995. The company is committed to providing high-quality and innovative construction services to its clients. At Marshall Construction Ltd, the emphasis is on building relationships and delivering quality projects. | | 26/05/2023 11:59 AM | 26/05/2023 11:59 AM | | View |
| Leidos Holdings, Inc. is an American defense, aviation, information technology, biomedical research, and engineering company. | | 25/05/2023 10:56 AM | 25/05/2023 10:56 AM | | - |
| Technology and Telecommunications Consultants Inc (TTC) is a US-based consulting firm that specializes in providing technology and telecommunications solutions to businesses across different industries. | | 22/05/2023 09:59 AM | 22/05/2023 09:59 AM | | - |
| Rolser is a Spanish company that manufactures and sells a wide range of shopping trolleys, bags, and accessories. The company was founded in 1965 and has since then become a popular brand among customers who prioritize functionality, convenience, and style. | | 19/05/2023 01:54 PM | 19/05/2023 01:54 PM | | - |
| Lolaico Impianti is a leading engineering and construction company based in Italy. It was founded in 1975 by Pietro Lolaico. | | 18/05/2023 11:54 AM | 18/05/2023 11:54 AM | IT | - |
| Feit Electric is a leading lighting manufacturer and distributor in California, United States known for its energy-efficient and high-quality LED lighting solutions. | | 16/05/2023 11:56 AM | 16/05/2023 11:56 AM | US | - |
| Accudo Investments LTD is a private limited company registered in the United Kingdom. It specializes in providing financial and investment services to its clients. | | 15/05/2023 04:56 PM | 15/05/2023 04:56 PM | GB | - |
| Treadwell Tamplin is an accounting firm that provides a range of financial services to individuals and businesses in the San Francisco Bay area. The company's team of accounting and tax professionals has extensive knowledge in their respective fields and is committed to delivering personalized services to their clients. | | 13/05/2023 07:55 PM | 13/05/2023 07:55 PM | | - |
| Axiom Professional Solutions provides comprehensive recruiting, placement and staffing services for a variety of positions within the automotive industry and light industrial sectors. | | 11/05/2023 09:54 AM | 11/05/2023 09:54 AM | | View |
| Fresh Insurance IT Services is a UK-based company that specializes in providing innovative technology solutions for the insurance industry. The company’s portfolio of services includes insurance software development, web and mobile application development, IT consulting and outsourcing, and digital marketing services. | | 09/05/2023 11:54 AM | 09/05/2023 11:54 AM | | - |
| Treadwell Tamplin is an accounting firm that provides a range of financial services to individuals and businesses in the San Francisco Bay area. The company's team of accounting and tax professionals has extensive knowledge in their respective fields and is committed to delivering personalized services to their clients. With their expertise and dedication, Treadwell Tamplin helps businesses and individuals achieve their financial goals. By acquiring this company's confidential data, you will get access to valuable information that can help you grow your business. You will learn about the company's strategies, strengths, weaknesses, opportunities and threats. You will also discover the needs, pain points, motivations and behaviors of its customers. You will be able to use this information to create better products and services, target the right prospects, craft compelling sales pitches and close more deals. | | 18/04/2023 06:01 PM | 18/04/2023 06:01 PM | | View |
| McKinney Trailers is a leading transportation equipment and trailer manufacturer in the United States. The company operates several manufacturing plants and retail locations across the United States, providing customers with easy access to their products and services. Their diverse range of products includes dry and refrigerated trailers, flatbed and drop-deck trailers, intermodal chassis, and specialty trailers. | | 17/04/2023 07:17 PM | 17/04/2023 07:17 PM | US | View |
| Albany Clinic is a medical center that provides family doctors, specialists, speciality services, diagnostic services and walk-in clinic in Australia. It offers a range of services such as general practice, skin cancer checks, travel medicine, immunisations and more. It has been serving the community for 30 years and prides itself on providing medical care with experience, empathy, understanding and consistency. | | 17/04/2023 07:17 PM | 11/04/2023 04:48 PM | AU | View |
| L’Office Notarial de Baillargues is a notarial office that provides legal advice and services in various fields of law, such as family and inheritance law, urban planning and construction law, rural and agricultural law, etc. It was founded in 1976 and is located in Baillargues, a commune in the Montpellier Métropole in southern France. | | 17/04/2023 07:17 PM | 17/04/2023 07:17 PM | FR | View |
| Winter Park Construction (WPC) is a well-established company that has been providing general contractor, pre-construction, construction management and renovation services to Central Florida and the southeast United States since 1974. With over $200M in projects set for completion in 2020 and employment for 140+ full-time employees, WPC has established itself as a leader in the construction industry. | | 17/04/2023 07:17 PM | 17/04/2023 07:17 PM | US | View |
| Amouage is a High Perfumery House renowned for creating some of the most finely crafted perfumes in the world. Founded in the Sultanate of Oman in 1983 to be ‘The Gift of Kings’, the House has redefined the Arabian art of perfumery and garnered a global reputation for bringing innovative modernity and true artistry to all its creations. Masterfully paying tribute to its heritage, Amouage is a unique fusion of East meets West that defines avant-garde opulence. It expresses the contemporary majesty of Oman - a historic trading center for incense and myrrh - around the globe, with arresting and alluring collections that speak to a sophisticated, confident and well-traveled discerning clientele who seek something compellingly precious, extraordinary and personal, every day. | | 17/04/2023 07:17 PM | 17/04/2023 07:17 PM | OM | View |
| Unique Technology, Unique Care. We are proud to offer the latest and greatest in innovative medical imaging services, delivering the fastest and most convenient imaging results, unmatched in South Florida, Latin America and the Caribbean. Our new medical diagnostic imaging equipment can detect pathology and track the effectiveness of treatment that your physician has prescribed. When looking for the right medical imaging or radiology services, look no further than Unique Imaging. 2 Medical imaging centers in Miami conveniently located in Aventura and Miami Beach. Unique Imaging focuses on advance radiology including MRI, CT, US, PET/CT, MRA, CTA, & Echo. Our advanced medical imaging equipment and talented team make us the preferred center for referring physicians. | | 17/04/2023 07:17 PM | 17/04/2023 07:17 PM | | View |
Known threat actors
Ransomware groups behind the attacks
Below is a breakdown of the most active ransomware groups and the variants driving their attacks.
Post breach actions
- Call an NCSC Cyber Incident Response approved supplier. Some NCSC providers will fund up to 48 hours of investigation into your incident.
- Report the incident to Report Fraud.
- Locate your business continuity plan. Work out what you can do without access to your systems and data.
- Identify your business insurance contact details.
Who are we and what experience do we have in responding to cyber incidents?
We are accredited to ISO 27001 and recognised by the UK’s National Cyber Security Centre (NCSC).
We provide comprehensive cyber risk management services, with a core focus on Digital Forensics and Incident Response (DFIR). Our capabilities are driven by a 24/7 Security Operations Centre and a dedicated in-house intelligence team that delivers timely, actionable threat reporting.
With decades of collective cyber security experience, we have the expertise to assume operational ownership of your entire IT security architecture – simplifying and strengthening cyber security across your business.
We are an Assured Service Provider for Cyber Incident Response (CIR) at the Standard Level. This accreditation demonstrates our ability to deliver high-assurance, effective support in response to a wide range of cyber threats.
Your NCSC-approved supplier is a specialist crime scene investigator who will:
- Isolate and preserve your environment for forensic investigation.
- Identify where the data has been duplicated and issue a legal takedown order.
- Identify your data, application and systems restore points. These might be at different points in time and will need to be carefully restored and reconstructed in a pristine environment.
- Liaise with your business insurance company and if needed, with the Police.
- Advise you on notifying your customers of your situation.
- Rebuild your systems, restore your data and get you back to full operation. Note: This process can take between 2 weeks – 2 months.
Working with us
Our response process
Our team are ransomware recovery specialists with a proven, streamlined approach to resolving incidents quickly and effectively.
Step 1: Triage
We deploy our incident response team the same day. From the first call, we begin onboarding, introduce key stakeholders, set communication schedules, and start gathering critical information to guide the response.
Step 2: Investigation
Our DFIR (Digital Forensics and Incident Response) teams investigate the breach to identify the vulnerabilities exploited, the attack vectors used, and the impact on systems and data, including any loss of personally identifiable information (PII). We deliver clear forensic insights to guide mitigation.
Step 3: Contain
Our onsite and remote teams act fast to stop the attack in its tracks. That includes isolating affected systems, removing malicious code, and putting protections in place to prevent further spread or damage.
Step 4: Remediate & Eradicate
Once contained, we work to fully eliminate the threat. This includes fixing exploited vulnerabilities, restoring systems to a secure state, and ensuring no traces of the attack remain.
Step 5: Recover
Our incident response teams help get your business back to normal. We restore access to systems, recover data, and ensure services are safe, stable, and functioning, with minimal downtime.
Step 6: Post Incident
We conduct a full review of the incident response and recovery efforts. Together we assess what happened, what worked, and what can be improved, helping you build stronger defences for the future.
Forensic analysis to drive recovery
Our process includes a thorough digital forensic analysis from step two, where the output becomes a central component of business recovery. Understanding the attack is of critical importance for:
- Establishing the initial infection date
- Determining the extent and spread of the infection
- Assessing whether data exfiltration affects your regulatory position
- Ensuring that the attacker and any tooling or artefacts they leave behind are eradicated
It is critical that the analysis of digital evidence is carried out to an agreed plan.
Maximising early root cause discovery and legal leverage
The process is purpose-built to uncover the root cause as early as possible, which is essential to inform remediation / eradication and recovery as well as supporting a legal take-down case if this is applicable. A legal take-down means we can assist in the legal enforcement that stops the criminals from publishing the data, thus undermining the ransom notice.
Our Digital Forensic and Incident Response (DFIR) teams maintain consistent communication throughout. Dedicated Incident Managers and technical engineering leads provide updates during the Cyber Incident Response journey, utilising risk registers and working within change management processes, all from triage through to post-incident, delivering successful business recovery.
Key takeaways
- You will not be able to access your systems or data.
- It is advised to disconnect from the internet and shut down your systems, including PCs, to prevent further infections.
- Your Office 365 system might also be compromised, allowing the attackers to monitor your responses. Avoid communicating with individuals through your primary email or team systems.
- Threat actors typically infiltrate your system at least 2-4 weeks before you become aware of the attack. Your data will have already been exfiltrated. If your system is encrypted, this was not an overnight event.
- Ransom demands in the UK typically range from £500,000 to £3 million, with some sectors, like education, facing demands that exceed £5 million.
- Paying the ransom may violate financial sanctions, which is a criminal offence and could result in a custodial sentence or further financial penalties.
- If your data is sold or published online, it puts your customers and staff at risk, potentially implicating you in a Data Protection breach.
- You will need to submit a data takedown request to the initial location where the data was transferred.
- Do not overwrite the encrypted data. It is crucial to determine when the infection began and where the data was sent.
- Avoid rebuilding from the latest backup, as it is likely to be infected.
Why should I trust Zensec to do this work rather than my IT team?
A forensic analysis needs to be meticulous, and a clean restore and recovery requires a wealth of experience not normally available in an in-house team who must provide a broader range of IT support skills:
- Internal IT teams don’t have the necessary skill set to resolve security encryption issues themselves.
- IT teams may recover to the same position with indicators of compromise ready to do it again, which can lead to another breach.
- Internal teams are pressured to restore business operations and may recover before forensic analysis even begins, potentially destroying the crime scene before completion.
We can help
Frequently asked questions
Key information when you’re under pressure.
Yes. Trigona is a form of ransomware that encrypts data on victim machines using the Advanced Encryption Standard (AES) algorithm.
The Trigona ransomware entered your system by:
- Exploiting vulnerabilities
- Leveraging valid accounts
- Scoping network weaknesses
We recommend you adopt policies to:
- Educate your staff on the importance of cyber security and the risks of not complying
- Use strong passwords
- Enable multi-factor authentication
- Remove old users
- Perform regular backups
- Deploy timely updates to software and systems
After recovering from a Trigona ransom attack, Zensec recommends that you update your business continuity plan to account for lessons learnt during this attack and recovery.
A ransomware attack presents the most significant threat to your business by:
- Disabling your access to systems, which could hinder machinery operation or impede progress through your business processes.
- Blocking access to critical data concerning suppliers, shipments, customers, orders, or steps in your business workflow.
In the event of a business interruption, identifying your position in the supply chain and sustaining operations can be challenging. If the disruption continues, maintaining business continuity becomes critical. Once systems and data are restored, addressing backlogs and establishing future operational protocols are essential.
Ransomware ranks only behind receivership in terms of its capacity to incapacitate a business.
The NCSC is the UK National Cyber Security Centre. They provide cyber security guidance and support, helping to make the UK the safest place to live and work online. They have defined a Cyber Incident Response procedure and they have approved and accredited suppliers to provide this service.
As a recognised Assured Service Provider by the National Cyber Security Centre (NCSC), Zensec provide comprehensive cyber risk management services that are designed to Protect, Detect & Mitigate cyber security threats across the UK.
Report Fraud is the UK's national reporting centre for fraud and cybercrime. Whether you have been scammed, defrauded, or experienced cybercrime in England, Wales, or Northern Ireland, Report Fraud offers a central point of contact for information on fraud and financially motivated cybercrime.
https://www.reportfraud.police.uk/
https://www.actionfraud.police.uk/
Most ransomware breaches cost approx. £500K with smaller email data breaches in the realm of £50K. There is a dichotomy of preserving the environment for forensics or recovering it quickly for less business interruption. The cost increases the longer it takes to identify the breach and resolve it.
A cyber security insurance claim is complex and includes reasonable expenses to investigate and remediate an incident, along with cover for legal, business interruption, criminal liability, employment liability and ransom policies. The insurance industry is liable to deliver the business recovery, but cyber insurance is viewed as volatile within the industry and many insurance policies are not being validated correctly.
Navigating through this requires expertise, which is where Zensec can help.
Most likely, yes. Some of the lost data might be classified as "Personal Data" for your customers which you are legally obligated to protect. As a ransom attack means this data may have been lost, you hold a legal and moral duty to inform your customers. You also need to inform the Information Commissioner's Office (ICO) at https://ico.org.uk/.
Thankfully your insurer or legal counsel will be able to guide you on what steps to take and how to proceed. Alternatively, Zensec has expertise in collaborating with insurers and lawyers and can aid in handling this relationship during this challenging period.
Dealing with a ransomware attack?
Our ransomware recovery service can help
Our expert team works quickly to contain the breach, recover your data, and restore your systems to full operation. We’ll guide you through every step of the recovery process and help strengthen your defences to prevent future attacks. Regain control with Zensec - trusted support when it matters most.