Ransomware

Trigona ransomware claimed to be dismantled by Ukrainian hacktivists

Share

BleepingComputer reports that the Trigona ransomware gang had its operations taken down after its servers were compromised and wiped in an attack claimed by the Ukrainian Cyber Alliance hacktivist group. Exploitation of a critical Confluence Data Center and Server vulnerability, tracked as CVE-2023-22515, enabled UCA hacktivists to infiltrate Trigona's ransomware infrastructure last week without being detected by the ransomware group. Despite moving to protect its publicly exposed infrastructure following the exposure of its internal support documents by a UCA hacker by the name of "herm1t," Trigona had hundreds of gigabytes of data from its admin and victim panels, internal systems, blog, and data leak site, as well as its source code, cryptocurrency hot wallets, developer environment, and database records stolen and later deleted by the hacktivists. Prior to being dismantled, Trigona ransomware compromised Microsoft SQL servers and targeted 15 or more companies across various sectors, including manufacturing and finance.

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds