This weekend the HackManac cybersecurity monitoring service issued a warning about a cyber attack that supposedly affected the Spanish Tax Agency (AEAT). According to the alert, 560 GB of data were stolen and encrypted with a ransomware called Trinity. The listing included an amount, $38 million, presumably the ransom being demanded, and a date, December 31, 2014 at midnight, presumably the payment deadline before the information is published or sold. But what is Trinity?
Trinity. This ransomware was first detected in May 2024. Like other malware of this type, it encrypts data so that its owners can no longer access or use it. In this case the affected files end up renamed with the extension “.trinitylock”.
How it works. The malware infiltrates systems through various attack vectors such as phishing, malicious websites or the exploitation of vulnerable software. Once inside, the ransomware collects information about the system it has infiltrated (running processes, connected drives) and tries to escalate privileges, attempting to “sneak” into legitimate processes. With that access, it then tries to spread across the network in order to attack multiple systems.
It’s not just encrypted, it’s also stolen. As Hive Pro explains, once Trinity has managed to infect a system, the ransomware does two things: first, it exfiltrates the data it is about to encrypt, so that a copy remains in the attacker’s possession. Second, it encrypts the data with an algorithm that renders it useless on the victim’s system unless the decryption key is used.
Similar to others already known. Trinity appears to resemble the Venus and 2023Lock ransomware. For example, Trinity and Venus both use the ChaCha20 encryption algorithm, and Trinity shares the style of ransom messages used by 2023Lock, which suggests that Trinity is a “fork” of those malicious programs. Once an attack is complete, Trinity displays a ransom note in both text and HTML format, and it also modifies the Windows registry, altering the operating system’s configuration.
For now there is no solution. Currently there are no known tools to counter this ransomware, which leaves victims with few options. As WatchGuard notes, the cybercriminals who use this software demand a ransom payment in cryptocurrency. To communicate with them, they leave an email address or provide a contact option through a deep web (.onion) URL that can be visited with the Tor browser.
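Since no decryption tool exists, early detection is the defender's main lever. The following is an added example, not code from the article or from any of the vendors it cites: it scans file-rename events for bursts of renames to the “.trinitylock” extension the article mentions, grouped per host and process, and raises an alert when a single process renames many files within a short window. The log format, the sample lines, the 60-second window and the threshold of five renames are all assumptions made for this illustration.

```python
"""Added example: flag bursts of renames to the ".trinitylock" extension.
The log format, sample lines, window and threshold are constructed assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

TRINITY_EXT = ".trinitylock"      # extension reported in the article
WINDOW = timedelta(seconds=60)    # assumed detection window
THRESHOLD = 5                     # assumed rename count that triggers an alert

# Constructed sample log: "<ISO timestamp> <host> <pid> RENAME <old path> -> <new path>"
SAMPLE_LOG = """\
2024-12-01T10:00:01 ws01 4120 RENAME C:\\Users\\a\\report.docx -> C:\\Users\\a\\report.docx.trinitylock
2024-12-01T10:00:02 ws01 4120 RENAME C:\\Users\\a\\q3.xlsx -> C:\\Users\\a\\q3.xlsx.trinitylock
2024-12-01T10:00:03 ws01 4120 RENAME C:\\Users\\a\\budget.xlsx -> C:\\Users\\a\\budget.xlsx.trinitylock
2024-12-01T10:00:04 ws01 4120 RENAME C:\\Users\\a\\plan.pptx -> C:\\Users\\a\\plan.pptx.trinitylock
2024-12-01T10:00:05 ws01 4120 RENAME C:\\Users\\a\\notes.txt -> C:\\Users\\a\\notes.txt.trinitylock
2024-12-01T10:30:00 ws02 880 RENAME C:\\tmp\\draft.txt -> C:\\tmp\\final.txt
2024-12-01T10:31:00 ws02 912 RENAME C:\\tmp\\notes.txt -> C:\\tmp\\notes.txt.trinitylock
"""


def parse_event(line):
    """Parse one constructed log line into a dict; paths are assumed to hold no spaces."""
    ts, host, pid, action, rest = line.split(" ", 4)
    old, new = rest.split(" -> ", 1)
    return {
        "ts": datetime.fromisoformat(ts),
        "host": host,
        "pid": int(pid),
        "action": action,
        "old": old,
        "new": new,
    }


def detect_encryption_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per (host, pid) that renamed >= threshold files to
    TRINITY_EXT inside any sliding window of the given length."""
    events = [parse_event(l) for l in log_text.splitlines() if l.strip()]

    # Collect timestamps of suspicious renames per process.
    per_proc = defaultdict(list)
    for ev in events:
        if ev["action"] == "RENAME" and ev["new"].lower().endswith(TRINITY_EXT):
            per_proc[(ev["host"], ev["pid"])].append(ev["ts"])

    alerts = []
    for (host, pid), times in per_proc.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            # Shrink the window from the left until it spans at most `window`.
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "host": host,
                    "pid": pid,
                    "count": end - start + 1,
                    "first": times[start],
                    "last": times[end],
                })
                break  # one alert per process is enough
    return alerts


if __name__ == "__main__":
    for alert in detect_encryption_bursts(SAMPLE_LOG):
        print(f"ALERT {alert['host']} pid={alert['pid']}: "
              f"{alert['count']} files renamed to {TRINITY_EXT} "
              f"between {alert['first']} and {alert['last']}")
```

On the constructed sample the routine alerts only on host ws01, process 4120, which renamed five files within five seconds; the single rename on ws02 stays below the threshold and the ordinary draft-to-final rename is ignored entirely. In a real deployment the same sliding-window logic would be fed from an EDR or file-audit source, and the window and threshold would be tuned to the environment's normal rename rate.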
In Xataka | LockBit was the most dangerous ransomware group in the world. Your plane was captured in Madrid