Arete, a US-based cyber risk management company, has said that a new Trigona ransomware threat group is becoming active. 

Arete says there might be a connection between Trigona and ALPHV, indicating the possibility of some administrative collaboration between the two highly sophisticated threat actors.

“There is a strong possibility that Trigona is leveraging ALPHV’s reputation and data leak site as a pressure tactic,” Arete has said in a report. 

Also read: Only 24% of businesses in India are ready to defend against cybersecurity threats: Cisco

Modus operandi

Trigona allows threat actors to gain control over systems compromised by the introduction of malicious codes. They can then upload and execute arbitrary files and remote code execution on the affected installations of host systems.

“Once the threat network is identified, a PowerShell command downloads a file to install the ScreenConnect remote desktop tool,” it said.

Quoting a CERT-In report, it said ransomware attacks in India registered a 51 per cent increase in H1 FY23.

Also read: No. of cyber attacks on Indian entities far surpasses global average

The cybersecurity solutions company wanted the organisations to backup the data.

“It is the first step towards protecting and ensuring business continuity. However, they need to test the backup at regular intervals,” it said.

“Maintaining adequate network hygiene, including facets like Multi-Factor-Authentication (MFA), potent password combination and rotation, is also important,” it said.