A United States government agency has warned about a threat actor known for extorting its victims, demanding payment in crypto in exchange for not leaking data it accessed through several attack vectors.

On Oct. 4, the United States Health Sector Cybersecurity Coordination Center (HC3) published an in-depth profile of Trinity ransomware, a relatively new threat that targets sensitive data. According to the HC3, the attackers use phishing emails, malicious websites and software vulnerabilities to get their victims to install the ransomware on their computers.

Once installed, the ransomware searches the computer for sensitive information, collects it, and sends it to the attackers. The ransomware also encrypts the victim’s files using an algorithm, rendering them useless.

After encrypting the files, the ransomware generates a ransom note, telling its victims that it has already extracted and encrypted their data. The note also demands payment in exchange for a decryption key. 

Hackers pressure victims to pay within 24 hours

The note also tells victims they have 24 hours to pay the hackers in cryptocurrencies. Otherwise, their data will be leaked. HC3 wrote:

“Victims have 24 hours to contact the cybercriminals, and failure to do so will result in the stolen data being leaked or sold. Unfortunately, no known decryption tools are currently available for Trinity ransomware, leaving victims with few options.”

The HC3 said the Trinity ransomware targeted critical infrastructure, such as healthcare providers. The government agency said that seven organizations had fallen victim to the ransomware. “HC3 is aware of at least one healthcare entity in the United States that has fallen victim to Trinity ransomware recently,” HC3 reported. 

Ransomware crypto payments reached $1 billion in 2023

Chainalysis’ 2024 Crypto Crime Report showed that in 2023, high-profile institutions and infrastructure had paid about $1.1 billion in crypto to ransomware attackers. The report said many actors carried out attacks last year, ranging from individuals and smaller crime groups to large-scale syndicates. 

The report also said that 538 new ransomware variants were created in 2023 and that large companies like the BBC and British Airways were targeted.

