The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the US Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities.
“Trinity ransomware was first seen around May 2024,” the advisory says.
“It is a type of malicious software that infiltrates systems through several attack vectors, including phishing emails, malicious websites, and exploitation of software vulnerabilities. Upon installation, Trinity ransomware begins gathering system details such as the number of processors, available threads, and connected drives to optimize its multi-threaded encryption operations.
“Next, Trinity ransomware will attempt to escalate its privileges by impersonating the token of a legitimate process. This allows it to evade security protocols and protections. Additionally, Trinity ransomware performs network scanning and lateral movement, indicating its ability to spread and carry out attacks across multiple systems in a targeted network.”
Like many other organized ransomware groups, Trinity steals a copy of the victim’s data before encrypting it, in order to increase pressure on the victim to pay the ransom.
“Trinity ransomware employs a double extortion strategy,” HHS explains.
“This involves exfiltrating sensitive data from victims before encrypting it, and then threatening to publish the data if the ransom is not paid. This is a tactic increasingly seen across newer ransomware strains targeting critical industries, particularly healthcare.
“There has been a total of seven Trinity ransomware victims identified to date. Of these, two victims have been identified as healthcare providers, one based in the United Kingdom, and the other a United States-based gastroenterology services provider, where Trinity claims to have access to 330 GB of the organization’s data.”
New-school security awareness training can give your organization an essential layer of defense against ransomware attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
The HHS has the story.