According to Cointelegraph, a United States government agency has issued a warning about a threat actor known for extorting victims by demanding cryptocurrency payments in exchange for not leaking accessed data. On October 4, the United States Health Sector Cybersecurity Coordination Center (HC3) released a detailed profile on Trinity ransomware, a relatively new threat targeting sensitive data. The HC3 reported that attackers use phishing emails, malicious websites, and software vulnerabilities to trick victims into installing the ransomware on their computers.
Once installed, the ransomware searches the computer for sensitive information, collects it, and sends it to the hackers. It then encrypts the victim’s files, rendering them unusable. After encrypting the files, the ransomware generates a ransom note informing victims that their data has been extracted and encrypted. The note demands payment in cryptocurrency in exchange for a decryption key.
The ransom note also warns victims that they have 24 hours to pay the hackers in cryptocurrency, or their data will be leaked. The HC3 stated, “Victims have 24 hours to contact the cybercriminals, and failure to do so will result in the stolen data being leaked or sold. Unfortunately, no known decryption tools are currently available for Trinity ransomware, leaving victims with few options.”
The HC3 noted that Trinity ransomware targets critical infrastructure, including healthcare providers. The agency reported that seven organizations had fallen victim to the ransomware, including at least one healthcare entity in the United States. The HC3 emphasized the severity of the threat posed by Trinity ransomware to critical infrastructure.
In related news, Chainalysis’ 2024 Crypto Crime Report revealed that in 2023, high-profile institutions and infrastructure paid approximately $1.1 billion in cryptocurrency to ransomware attackers. The report highlighted that various actors, ranging from individuals and smaller crime groups to large-scale syndicates, carried out these attacks. It also noted that 538 new ransomware variants were created in 2023, with large companies like the BBC and British Airways among the targets.