Technical Analysis of Trigona Ransomware

Key Points

Trigona is a ransomware family written in the Delphi programming language that has been active since at least June 2022
The Trigona threat group claims to perform double extortion attacks by combining data exfiltration with file encryption
Trigona utilizes 4,112-bit RSA and 256-bit AES encryption in OFB mode for file encryption
The file decryption process is fairly convoluted with a tool that requires several steps to function properly
The ransomware has been regularly updated with new capabilities including …

aes analysis attacks capabilities claims data data exfiltration data wiper decryption double extortion encryption exfiltration extortion family file file encryption function june key key points language mode process programming programming language ransomware rsa technical technical analysis threat threat group tool tracking trigona trigona ransomware wiper zscaler