Ransomware Group: Trigona




According to PCrisk, Trigona is ransomware that encrypts files and appends the ._locked extension to filenames. It also drops a how_to_decrypt.hta file that opens a ransom note. For example, Trigona renames 1.jpg to 1.jpg._locked, 2.png to 2.png._locked, and so forth. It embeds the encrypted decryption key, the campaign ID, and the victim ID in the encrypted files.


Sites

| Title | Available | Last Visit | FQDN | Screenshot |
|---|---|---|---|---|
| Trigona is Gone | 🔴 | 2023-10-18 06:56:41.411107 | 3x55o3u2b7cjs54eifja5m3ottxntlubhjzt6k6htp5nrocjmsxxh7ad.onion | N/A |
| Blog | 🔴 | 2023-06-26 10:51:25.916035 | 6n5tfadusp4sarzuxntz34q4ohspiaya2mc6aw6uhlusfqfsdomavyyd.onion | N/A |
| Trigona is Gone | 🔴 | 2023-10-18 06:57:12.690779 | trigonax2zb3fw34rbaap4cqep76zofxs53zakrdgcxzq6xzt24l5lqd.onion | N/A |
| Blog | 🔴 | 2024-04-10 20:59:29.133783 | krsbhaxbki6jr4zvwblvkaqzjkircj7cxf46qt3na5o5sj2hpikbupqd.onion | N/A |

Tools used

Discovery: Advanced Port Scanner, SoftPerfect NetScan
RMM Tools: AnyDesk, LogMeIn, ScreenConnect, Splashtop, TeamViewer
Defense Evasion: none listed
Credential Theft: Mimikatz
OffSec: Cobalt Strike
Networking: none listed
LOLBAS: none listed
Exfiltration: MEGA, RClone

This information is provided by Ransomware-Tool-Matrix

49 Victims

MX flag

Claro 

Discovery Date: 2024-03-30 17:55

Claro, a subsidiary of América Móvil, stands at the forefront of telecommunications innovation, recognizing the vital role of connectivity in shaping a better world. Originating from a public telephone company, Claro has evolved into a global connectivity, communication, and Information Technology solutions provider, driven by a commitment to continuous innovation and customer-centric services.

CN flag

South Star Electronics

Discovery Date: 2024-03-20 01:21

Sector: Technology
South Star Electronics Co., Ltd. is a prominent electronics company based in Dongguan City, China. Specializing in the design, manufacturing, and distribution of electronic products, SouthStar Electronics has established itself as a leading player in the industry.

ID flag

Indoarsip

Discovery Date: 2024-03-16 19:21

Indoarsip is a leading provider of archival solutions, dedicated to preserving and managing critical documents and records for organizations across Indonesia. With a strong presence in the archiving industry, Indoarsip offers comprehensive services and innovative technologies to meet the diverse needs of its clients.

PT flag

Bwizer

Discovery Date: 2024-03-16 19:20

Sector: Healthcare
Bwizer is a prominent entity known for its dedication to advancing the fields of healthcare and wellness education. With a stronghold in Portugal, Bwizer has emerged as a leading platform providing comprehensive educational resources and training programs tailored to professionals in the healthcare and wellness sectors. Founded with a vision to bridge the gap between traditional education and the evolving needs of modern healthcare practices, Bwizer offers a diverse range of courses, workshops, and events designed to empower professionals with the latest knowledge and skills.

NZ flag

Topa Partners

Discovery Date: 2024-03-16 17:49

Sector: Not Found
Topa Electrical, led by Electrical Inspector Jeff Zhao, boasts a rich legacy of over a decade in providing top-notch electrical services to the Canterbury region in New Zealand. With a steadfast commitment to excellence and a focus on building enduring relationships with clients, Topa Electrical has emerged as a trusted name in the industry.

US flag

ATMCo

Discovery Date: 2024-03-15 16:19
Estimated Attack Date: 2024-02-21

Sector: Technology
ATMCo is a reputable tax management company based in Broken Arrow, Oklahoma. With a commitment to simplifying tax-related processes for businesses and individuals, ATMCo offers comprehensive services in tax preparation, bookkeeping, and accounting. The company is headquartered at 2220 W Houston St Ste A, Broken Arrow, Oklahoma. Situated in a convenient location, the company is easily accessible to clients seeking professional tax management services.

IT flag

Dinamic Oil

Discovery Date: 2024-02-28 23:51

Established in 1970, Dinamic Oil S.p.A. is a renowned Italian manufacturer specializing in hoisting winches and planetary gearboxes. With its headquarters in Modena, the company has flourished over the years, solidifying its position in the global market through three production units, eight subsidiaries across Europe, the Americas, and Asia, and an extensive network of distributors worldwide.

ES flag

Hotel Avenida, Hostal Espoz y Mina, Hostal Arriazu, Pension Alemana

Discovery Date: 2024-02-28 22:19

Welcome to the Boutique Hospitality Collection, where every property offers a unique and unforgettable experience for guests seeking comfort, convenience, and charm. From the cosmopolitan streets of Lisbon to the historic city center of Pamplona, our collection of hotels and hostels promises exceptional accommodations and personalized service.

MX flag

America Movil

Discovery Date: 2024-02-14 12:11
Estimated Attack Date: 2024-01-25

América Móvil, S.A.B. de C.V. ("América Móvil" or "the Company") stands as one of the foremost telecommunications conglomerates globally, with its roots firmly planted in Mexico. Established in 2000, it emerged from the wireless operations spun off by Teléfonos de México, S.A.B. de C.V. ("Telmex"), a pivotal moment that marked its inception into the competitive telecommunications landscape.

MX flag

FALCO Electronics

Discovery Date: 2024-02-14 12:11
Estimated Attack Date: 2024-01-30

Sector: Technology
Founded in 1991, Falco Electronics is a prominent designer and manufacturer specializing in a diverse range of magnetic-based electronic components and assemblies. With operations established in the USA, Mexico, China, and India, Falco has been a key player in the industry for over three decades. Renowned for its ability to deliver effective solutions, Falco has earned the status of a preferred supplier in the power conversion, energy metering, and solar inverter sectors.

ES flag

Ausa

Discovery Date: 2024-01-31 09:06
Estimated Attack Date: 2024-01-11

AUSA, established in 1956 by four visionary individuals driven by a passion for engines, has evolved into a global force in compact all-terrain machines. With a profound history and an expansive presence, the company boasts a network of 600 dealers, operating in 90 countries across five continents.

AU flag

Genesis Motors

Discovery Date: 2024-01-31 09:05
Estimated Attack Date: 2024-01-29

Genesis Motors Isuzu UTE, situated in Lilydale, South East Melbourne, Victoria, stands as a premier Isuzu UTE dealership in Australia. Established initially in Ringwood in March 2011, Genesis Motors has rapidly grown under the leadership of Dealer Principal, Sumil Salgadoe, who began his journey with Isuzu UTE Australia in Brisbane in 2008. With a profound belief in the quality and reliability of Isuzu UTE products, Salgadoe ventured to establish Genesis Motors Isuzu UTE, offering the renowned Isuzu D-MAX UTE and Isuzu MU-X SUV. In response to the company's exponential growth in 2016, Genesis Motors expanded its office space, prompting a relocation to Lilydale, Victoria.

US flag

CMG Drainage Engineering

Discovery Date: 2024-01-31 09:04
Estimated Attack Date: 2024-01-30

Sector: Construction
Established in 1986, CMG Drainage Engineering stands as a prominent Civil Engineering consulting firm nestled in Tucson, Arizona, United States. For over three decades, CMG has been dedicated to providing exceptional water resource engineering services to both public and private sectors across Central and Southern Arizona. Strategically headquartered at 3555 North Mountain Avenue in Tucson, CMG oversees and manages a wide array of projects, offering comprehensive solutions tailored to meet the diverse needs of its clientele.

US flag

Daher Contracting

Discovery Date: 2024-01-31 09:03
Estimated Attack Date: 2024-01-30

Sector: Construction
Daher Contracting stands as the foremost excavation and site development contractor serving Okaloosa and Walton County. With roots dating back to January 1998, Daher has consistently upheld a commitment to delivering superior quality, cost-efficient results, and meeting even the most rigorous project schedules.

US flag

Lomma Crane & Rigging

Discovery Date: 2024-01-29 18:10
Estimated Attack Date: 2024-01-25

Sector: Construction
J.F. Lomma, Inc. is a distinguished provider of crane services, offering a wide range of equipment and rigging solutions to meet the evolving needs of the construction industry. With a commitment to excellence and customer satisfaction, J.F. Lomma, Inc. strives to exceed expectations and build long-term relationships with clients.

ID flag

Samuel Sekuritas Indonesia & Samuel Aset Manajemen

Discovery Date: 2024-01-18 23:24

PT Samuel Sekuritas Indonesia (SSI) is a prominent financial advisory company based in Jakarta, Indonesia. Established in 1992, the company operates as a full-service investment bank, offering a wide range of financial services to both institutional and retail clients. SSI adopts a selective approach in choosing its businesses and clients.

US flag

Premier Facility Management

Discovery Date: 2024-01-18 23:24

Premier Facility Management (PFM) stands as a leader in sustainable green programs, offering customized and innovative solutions to meet the demands of today's environmentally conscious market. With a commitment to keeping it green, PFM specializes in sustainable by-product marketing, surplus material exchanges, and global outlets for recyclables. The company, founded in 1987, has built a highly reputable track record of donating reusable items to charity organizations.

AU flag

Fertility North

Discovery Date: 2024-01-18 23:23

Sector: Healthcare
Fertility North, a leading fertility clinic, boasts a cohesive, multidisciplinary team of approximately 50 highly skilled and qualified staff. The collaborative approach of Fertility Doctors, Fertility Nurses, and Scientists, supported by Administration and Support staff, ensures that patients benefit from a wealth of combined knowledge and skill. Fertility North offers a comprehensive range of treatment options from its custom-designed, state-of-the-art facilities, strategically located away from the hustle and bustle of Perth's inner suburbs. The clinic's core values are deeply rooted in providing individualized care and guidance to patients, reflecting kindness, integrity, teamwork, and excellence.

FR flag

Vision Plast

Discovery Date: 2024-01-18 23:22

Founded in 2006, Vision Plast Group stands as a prominent player in the automotive, industrial, building, and home automation sectors. The group excels in providing comprehensive solutions for the automotive, construction, manufacturing, and home automation industries. With a focus on mono-material, bi-material, and over-molding injection molding products, Vision Plast Group has become synonymous with technical expertise and innovation.

Alconex Specialty Products

Discovery Date: 2023-10-13 13:21

FPZ

Discovery Date: 2023-10-12 14:36

NL flag

Flamingo Holland

Discovery Date: 2023-10-01 16:36

Flamingo Holland is a Dutch-based flower company that specializes in growing, exporting, and wholesaling high-quality cut flowers, specifically, roses, peonies, tulips, and other seasonal flowers globally. The company was founded in 1985 and has since then become one of the leading flower companies in the Netherlands.

Aria Care Partners

Discovery Date: 2023-10-01 16:35

Aria Care Partners is a healthcare provider that offers post-acute care services to patients in Kansas. It was founded in 2016 and is headquartered in Overland Park, KS. The company specializes in post-acute care services such as transitional care, home health, and hospice care. It aims to provide customized care plans to help patients recover, regain independence, and improve their quality of life.

Portesa

Discovery Date: 2023-10-01 16:34

Portesa is a forward-thinking livestock company with a strong commitment to innovation, sustainability, and the circular economy. The company is dedicated to transforming raw materials into high-quality products directly at the source. The company operates in collaboration with Cartesa and Aire Sano, forming an integrated production process that sets the industry benchmark for product traceability throughout Europe.

Grupo Boreal

Discovery Date: 2023-10-01 16:33

Grupo Boreal plays a pivotal role in the healthcare industry, extending medical care to over 250,000 beneficiaries across thirteen provinces in the nation. The company is entrusted with the healthcare needs of over 11,000 residents in San Juan. It offers comprehensive coverage at competitive rates.

Quest International

Discovery Date: 2023-10-01 16:33

Quest International is a leading global post-sales service support partner for original equipment manufacturers (OEMs) across various industries, founded in 1982. The company offers services supporting OEM customers through depot repairs, field services, supply-chain logistics, and other professional services.

Steelforce

Discovery Date: 2023-09-15 02:38

Cedar Holdings

Discovery Date: 2023-09-13 14:43

Unimed

Discovery Date: 2023-09-05 05:42

Cyberport

Discovery Date: 2023-09-05 05:42

Public Health Management Corporation

Discovery Date: 2023-06-06 21:00

Public Health Management Corporation (PHMC) is a non-profit organisation providing public health services in Philadelphia, Pennsylvania. It was established in 1972 and has since served as a leading provider of comprehensive health and human services to individuals, families, and communities in the area.

Pacific Union College

Discovery Date: 2023-05-30 20:00

Pacific Union College (PUC) is a private, Seventh-day Adventist college located in Angwin, California. It was established in 1882 and is accredited by the WASC Senior College and University Commission.

Marshall Construction Ltd

Discovery Date: 2023-05-26 11:59

Marshall Construction Ltd is a construction company established in 1995. The company is committed to providing high-quality and innovative construction services to its clients. At Marshall Construction Ltd, the emphasis is on building relationships and delivering quality projects.

Leidos

Discovery Date: 2023-05-25 10:56

Leidos Holdings, Inc. is an American defense, aviation, information technology, biomedical research, and engineering company.

Technology and Telecommunications Consultants Inc

Discovery Date: 2023-05-22 09:59

Technology and Telecommunications Consultants Inc (TTC) is a US-based consulting firm that specializes in providing technology and telecommunications solutions to businesses across different industries.

Rolser

Discovery Date: 2023-05-19 13:54

Rolser is a Spanish company that manufactures and sells a wide range of shopping trolleys, bags, and accessories. The company was founded in 1965 and has since then become a popular brand among customers who prioritize functionality, convenience, and style.

IT flag

Lolaico Impianti

Discovery Date: 2023-05-18 11:54

Lolaico Impianti is a leading engineering and construction company based in Italy. It was founded in 1975 by Pietro Lolaico

US flag

Feit Electric

Discovery Date: 2023-05-16 11:56

Feit Electric is a leading lighting manufacturer and distributor in California, United States known for its energy-efficient and high-quality LED lighting solutions.

GB flag

Accudo Investments LTD

Discovery Date: 2023-05-15 16:56

Accudo Investments LTD is a private limited company registered in the United Kingdom. It specializes in providing financial and investment services to its clients.

TTCCPA

Discovery Date: 2023-05-13 19:55

Treadwell Tamplin is an accounting firm that provides a range of financial services to individuals and businesses in the San Francisco Bay area. The company's team of accounting and tax professionals has extensive knowledge in their respective fields and is committed to delivering personalized services to their clients.

Axiom Professional Solutions

Discovery Date: 2023-05-11 09:54

Axiom Professional Solutions provides comprehensive recruiting, placement and staffing services for a variety of positions within the automotive industry and light industrial sectors.

Fresh Insurance IT Services

Discovery Date: 2023-05-09 11:54

Fresh Insurance IT Services is a UK-based company that specializes in providing innovative technology solutions for the insurance industry. The company’s portfolio of services includes insurance software development, web and mobile application development, IT consulting and outsourcing, and digital marketing services.

Treadwell, Tamplin & Company, Certified Public Accountants, Madison, GA

Discovery Date: 2023-04-18 18:01

Treadwell Tamplin is an accounting firm that provides a range of financial services to individuals and businesses in the San Francisco Bay area. The company's team of accounting and tax professionals has extensive knowledge in their respective fields and is committed to delivering personalized services to their clients. With their expertise and dedication, Treadwell Tamplin helps businesses and individuals achieve their financial goals. By acquiring this company's confidential data, you will get access to valuable information that can help you grow your business. You will learn about the company's strategies, strengths, weaknesses, opportunities and threats. You will also discover the needs, pain points, motivations and behaviors of its customers. You will be able to use this information to create better products and services, target the right prospects, craft compelling sales pitches and close more deals.

US flag

McKinney Trailers

Discovery Date: 2023-04-17 19:17

McKinney Trailers is a leading transportation equipment and trailer manufacturer in the United States. The company operates several manufacturing plants and retail locations across the United States, providing customers with easy access to their products and services. Their diverse range of products includes dry and refrigerated trailers, flatbed and drop-deck trailers, intermodal chassis, and specialty trailers.

AU flag

Albany Clinic

Discovery Date: 2023-04-17 19:17
Estimated Attack Date: 2023-04-11

Albany Clinic is a medical center that provides family doctors, specialists, speciality services, diagnostic services and walk-in clinic in Australia. It offers a range of services such as general practice, skin cancer checks, travel medicine, immunisations and more. It has been serving the community for 30 years and prides itself on providing medical care with experience, empathy, understanding and consistency.

FR flag

Office Notarial de Baillargues

Discovery Date: 2023-04-17 19:17

L’Office Notarial de Baillargues is a notarial office that provides legal advice and services in various fields of law, such as family and inheritance law, urban planning and construction law, rural and agricultural law, etc. It was founded in 1976 and is located in Baillargues, a commune in the Montpellier Métropole in southern France.

US flag

Winter Park Construction

Discovery Date: 2023-04-17 19:17

Winter Park Construction (WPC) is a well-established company that has been providing general contractor, pre-construction, construction management and renovation services to Central Florida and the southeast United States since 1974. With over $200M in projects set for completion in 2020 and employment for 140+ full-time employees, WPC has established itself as a leader in the construction industry.

OM flag

Amouage

Discovery Date: 2023-04-17 19:17

Amouage is a High Perfumery House renowned for creating some of the most finely crafted perfumes in the world. Founded in the Sultanate of Oman in 1983 to be ‘The Gift of Kings’, the House has redefined the Arabian art of perfumery and garnered a global reputation for bringing innovative modernity and true artistry to all its creations. Masterfully paying tribute to its heritage, Amouage is a unique fusion of East meets West that defines avant-garde opulence. It expresses the contemporary majesty of Oman - a historic trading center for incense and myrrh - around the globe, with arresting and alluring collections that speak to a sophisticated, confident and well-traveled discerning clientele who seek something compellingly precious, extraordinary and personal, every day.

Unique Imaging

Discovery Date: 2023-04-17 19:17

Unique Technology, Unique Care. We are proud to offer the latest and greatest in innovative medical imaging services, delivering the fastest and most convenient imaging results, unmatched in South Florida, Latin America and the Caribbean. Our new medical diagnostic imaging equipment can detect pathology and track the effectiveness of treatment that your physician has prescribed. When looking for the right medical imaging or radiology services, look no further than Unique Imaging. 2 Medical imaging centers in Miami conveniently located in Aventura and Miami Beach. Unique Imaging focuses on advance radiology including MRI, CT, US, PET/CT, MRA, CTA, & Echo. Our advanced medical imaging equipment and talented team make us the preferred center for referring physicians.
