TrinityLock Ransomware | WatchGuard Technologies

Aliases

Trinity

Decryptor Available

No

Description

This entry is under construction. However, we have included some details below.

Ransomware Type

Crypto-Ransomware

Data Broker

First Seen

Maggio 2024

Lineage

2023Lock

Extortion Links

Medio

Link

Clearnet

http://trinitylock.io

TOR

http://txtggyng5euqkyzl2knbejwpm4rlq575jn2egqldu27osbqytrj6ruyd.onion

Extortion Types

Direct Extortion

Double Extortion

Communication

Medio

Identificativo

Email

wehaveyourdata@onionmail.org

Encryption

Type

Hybrid

Files

XChaCha20

Additional Encryption

curve25519xsalsa20poly1305

File Extension

<file name>.<file extension>.trinitylock

Ransom Note Name

README.txt

Ransom Note Image

Click to enlarge

Samples (SHA-256)

36696ba25bdc8df0612b638430a70e5ff6c5f9e75517ad401727be03b26d8ec4

Known Victims(12)

Industry Sector	Paese	Extortion Date
Individual	Unknown	2024-05-23
Information Technology	Philippines	2024-06-30
Professional Services	Canada	2024-06-30
Environmental Services	Canada	2024-06-30
Banking & Finance	United States	2024-08-13
Healthcare & Medicine	United Kingdom	2024-08-18
Healthcare & Medicine	United Kingdom	2024-08-18
Individual	Unknown	2024-09-07
Fashion & Textiles	China	2024-09-01
Healthcare & Medicine	United States	2024-09-15
Manufacturing	Argentina	2024-09-23
Information Technology	Brazil	2024-10-02

References & Publications(7)

Broadcom: Trinity Ransomware

BleepingComputer Forums: Trinity Ransomware (.trinitylock) Support Topic

BleepingComputer Forums: Trinity Ransomware (.xxxx.trinitylock)

Cyble: In the Shadow of Venus: Trinity Ransomware’s Covert Ties

GitHub: rivitna - Trinity Technical Files

Hive Pro: Trinity Ransomware Strikes with the Dual Extortion Strategy

PCrisk: Trinity Ransomware

Ransomware - TrinityLock