Recently, a new strain of ransomware named Trigona has been discovered by cybersecurity researchers. Trigona is particularly concerning because it targets weakly configured Microsoft SQL servers, which are commonly used by organisations to store and manage data.
In this blog, we’ll take a closer look at Trigona ransomware, how it works, and what steps you can take to protect your organization.
What is Trigona Ransomware?
Trigona ransomware is a new strain of ransomware that targets Microsoft SQL servers. It was first discovered by researchers at the security firm Binary Defense in March 2021. Like other ransomware strains, Trigona encrypts files on infected systems and demands a ransom payment in exchange for the decryption key.
How Trigona Works
Trigona ransomware is distributed through a variety of methods, including phishing emails, brute-force attacks, and exploiting vulnerabilities in Microsoft SQL servers. Once it infects a system, Trigona first attempts to disable any security software or services that might detect or prevent it from running.
Trigona then scans the infected system for Microsoft SQL servers that are weakly configured and can be exploited. If it finds a vulnerable server, Trigona will use a SQL injection attack to gain access to the server and encrypt the data stored on it. The ransom note left by Trigona demands a payment of $250,000 in Bitcoin in exchange for the decryption key.
How to Protect Your Organization
To protect your organization from Trigona ransomware, it’s important to take the following steps:
- Keep your systems and software up-to-date: Ensure that all of your systems and software are up-to-date with the latest security patches and updates. This can help prevent vulnerabilities from being exploited by attackers.
- Use strong passwords: Make sure that all user accounts and passwords are strong and complex. Avoid using default or easily guessable passwords.
- Monitor your network: Regularly monitor your network for signs of suspicious activity or unauthorized access. This can help you detect and respond to attacks before they can cause damage.
- Backup your data: Regularly backup all of your important data and store it in a secure, off-site location. This can help you recover your data in the event of a ransomware attack.
- Educate your employees: Train your employees on how to recognize and respond to phishing emails and other types of social engineering attacks. This can help prevent attackers from gaining access to your systems in the first place.
Conclusion
Trigona ransomware is a serious threat to organisations that use Microsoft SQL servers. By taking the steps outlined above, you can help protect your organization from this and other types of ransomware attacks. Remember, prevention is key when it comes to ransomware, so be proactive in securing your systems and data.
