TRIGONA RANSOMWARE DEPLOYS CUSTOM DATA THEFT TOOL

Security researchers have identified Trigona operators using purpose-built software designed to streamline the data exfiltration phase of their attacks. The custom tool operates via command-line interface, allowing attackers to quickly pull large volumes of data from victim environments. This development marks an escalation in Trigona's operational capabilities. Rather than relying on generic exfiltration methods, the ransomware group now employs specialized tooling that reduces detection risk and accelerates the data theft window—a critical phase before encryption and ransom demands. Trigona has emerged as an increasingly aggressive ransomware-as-a-service operation, targeting organizations across multiple sectors. The group typically combines data exfiltration with encryption, using stolen information as leverage to coerce ransom payments. Organizations should implement network monitoring to detect suspicious data transfer patterns, enforce principle-of-least-privilege access controls, and maintain offline backups to mitigate exposure to Trigona and similar threats.