Buzzing on Christmas Eve: Trigona Ransomware in 3 Hours
released on 2024-01-31 @ 11:54:46 AM
This report details an intrusion that began when a threat actor exploited an exposed RDP host, leading to data exfiltration and deployment of Trigona ransomware in just three hours on Christmas Eve. The threat actor used batch scripts, SoftPerfect Netscan, and RDP for discovery, lateral movement, and execution. The threat actor exfiltrated data via Rclone to Mega.io, then executed Trigona across the network, encrypting systems and leaving ransom notes.