Trigona ransomware attacks use custom exfiltration tool to steal data
Summary
The Trigona ransomware group has been observed using a custom command-line tool to exfiltrate data from victim networks. The tool is built to steal data faster and more efficiently than the methods the group relied on previously. The attack chain begins with initial access, followed by privilege escalation and lateral movement, and ends with data exfiltration and encryption.
IFF Assessment
The deployment of a new, efficient data exfiltration tool by ransomware actors represents an increased threat to defenders, enabling faster data theft.
Defender Context
Defenders should be aware of novel exfiltration techniques employed by ransomware groups like Trigona. Monitoring network traffic for unusual outbound data transfers and ensuring strong endpoint detection and response (EDR) capabilities can help identify and mitigate these threats before significant data loss occurs.
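Worked example of the outbound-volume check described above, added here and not part of the original report or of any analysis of Trigona's tooling: it sums each host's egress to external addresses from constructed flow records and flags hosts whose daily volume jumps far above their own baseline. The internal ranges, thresholds, day labels and sample flows are assumptions.

```python
"""Flag hosts whose outbound transfer volume departs sharply from their own baseline."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumed internal address space (RFC 1918); anything else counts as external.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"), ip_network("192.168.0.0/16")]

# Constructed sample flow records (src, dst, bytes_out, day); day labels sort chronologically.
FLOWS = [
    ("10.0.1.20", "10.0.2.5", 120_000, "d1"),         # internal -> internal, ignored
    ("10.0.1.20", "203.0.113.10", 400_000, "d1"),
    ("10.0.1.20", "203.0.113.10", 500_000, "d2"),
    ("10.0.1.20", "203.0.113.10", 450_000, "d3"),
    ("10.0.1.20", "198.51.100.7", 25_000_000, "d4"),  # sudden large upload to a new host
    ("10.0.1.31", "203.0.113.10", 1_000_000, "d1"),   # steady, high-volume host
    ("10.0.1.31", "203.0.113.10", 1_100_000, "d2"),
    ("10.0.1.31", "203.0.113.10", 900_000, "d3"),
    ("10.0.1.31", "203.0.113.10", 1_050_000, "d4"),
]


def is_external(dst):
    """True when the destination lies outside the assumed internal ranges."""
    addr = ip_address(dst)
    return not any(addr in net for net in INTERNAL_NETS)


def external_bytes_per_host_day(flows):
    """Sum bytes sent to external destinations, keyed by (host, day)."""
    totals = defaultdict(int)
    for src, dst, nbytes, day in flows:
        if is_external(dst):
            totals[(src, day)] += nbytes
    return totals


def flag_outbound_spikes(flows, target_day, ratio=5.0, min_bytes=10_000_000):
    """Return {host: (bytes_today, baseline)} for hosts whose external egress on
    target_day exceeds ratio x their median egress on earlier days and also
    exceeds an absolute floor, so chatty-but-steady hosts are not reported."""
    totals = external_bytes_per_host_day(flows)
    flagged = {}
    for host in sorted({h for h, _ in totals}):
        today = totals.get((host, target_day), 0)
        history = sorted(v for (h, d), v in totals.items() if h == host and d < target_day)
        if not history or today < min_bytes:
            continue
        baseline = history[len(history) // 2]  # median of earlier days
        if today > ratio * baseline:
            flagged[host] = (today, baseline)
    return flagged


if __name__ == "__main__":
    print(flag_outbound_spikes(FLOWS, "d4"))  # expects only 10.0.1.20
```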