The Ukrainian Cyber Alliance Brings Down Leak Site for Trigona Ransomware
The Ukrainian Cyber Alliance (UCA), a group of pro-Ukraine hacktivists, has claimed responsibility for taking down the leak site operated by the Trigona ransomware group. A spokesperson for the Ukrainian hacktivist group, known by the online alias "herm1t," revealed in a Facebook post and on X that the hacktivists executed a multifaceted operation. This involved wiping out Trigona's servers, defacing the ransomware gang's website, and exfiltrating critical data pertaining to their cybercriminal activities. "herm1t" further stated that the entirety of Trigona's infrastructure has been obliterated, listing compromises to the ransomware gang's administrative panel, landing page, blog, internal server, cryptocurrency wallets, and developer servers.
In a symbolic twist, the UCA treated Trigona in a manner similar to how the gang treated its victims, as stated by "herm1t": "Welcome to the world you created for others!" This operation, orchestrated by the UCA, effectively disrupted the activities of Trigona Leaks, a dark web "name-and-shame" extortion blog linked to the Trigona ransomware group. The website had previously advertised stolen data from victims in the U.S. and Europe. "herm1t" indicated that the UCA intends to review the acquired data and may consider sharing it with other researchers in the future.
The Trigona ransomware family, first identified in June 2022, was observed as a steadily growing ransomware gang. In June 2023, Trend Micro discovered the gang deploying Windows and Linux versions of the ransomware encryptor. Their attacks stretched worldwide, with the United States and India found to be the most impacted. Trend Micro researchers also noted a potential connection between Trigona and the Russia-linked AlphV group, although the nature of this association remains uncertain.
In a streak of victories against ransomware gangs, an international law enforcement operation has successfully taken down extortion sites utilized by the Ragnar Locker ransomware gang.