A previously unnamed ransomware has rebranded under the name ‘Trigona,’ launching a new Tor negotiation site where they accept Monero as ransom payments.
Trigona has been active for some time, with samples seen at the beginning of the year. However, those samples utilized email for negotiations and were not branded under a specific name.
As discovered by MalwareHunterTeam, starting in late October 2022, the ransomware operation launched a new Tor negotiation site where they officially named themselves ‘Trigona.’
As Trigona is the name of a family of large stingless bees, the ransomware operation has adopted a logo showing a person in a cyber bee-like costume, shown below.