Ransomware Group

Trigona

Also known as: CryLock 2.0

Status: disrupted • First seen 2022-10 • 200+ known victims

Trigona hackers found weaknesses in websites and databases to break into companies. They demanded payment in Monero, a hard-to-trace cryptocurrency, making it difficult for police to follow the money.

Overview

Trigona was a ransomware operation that targeted organizations through SQL injection vulnerabilities and compromised credentials. The group demanded payment in Monero cryptocurrency, making tracking more difficult.

Target Industries

Technology, Manufacturing, Finance, Retail

How They Attack

  • SQL injection
  • Compromised credentials
  • MS-SQL exploitation
  • Double extortion

Notable Victims

Multiple tech firms (2023), Financial institutions

How to Protect Against Trigona

  1. Implement SQL injection protection on all web applications
  2. Enforce strong credential policies and MFA
  3. Secure MS-SQL servers with firewall rules

MITRE ATT&CK Techniques

T1190, T1078, T1486, T1567

Related Groups

Mallox
