
Ukrainian Cyber Alliance Wipes Out Servers in the Trigona Ransomware Takedown

In an unexpected move, a Ukrainian hacktivist group attacked the dark web portal of a Russian ransomware group. Hacktivists from the Ukrainian Cyber Alliance exfiltrated data from, wiped, and defaced the website of Trigona Ransomware, leaving the message, ‘Trigona is Gone!’ on it. The Trigona ransomware takedown is part of an ongoing mission of the Ukrainian Cyber Alliance.

The Ukrainian hacktivist group has been doing so since 2014, according to the message left on the Trigona ransomware portal after the defacement attack.

Details About the Trigona Ransomware Takedown

Cybersecurity Analyst Dominic Alvieri tweeted the screenshot of the defaced Trigona website.

Screenshot of the Trigona portal (Photo: Dominic Alvieri/ X)

“Welcome to the world you created for others,” read the wiped-out Trigona ransomware dark web portal. The Ukrainian Cyber Alliance exfiltrated data from the servers of the Russian ransomware group during the Trigona ransomware takedown.

The takedown of Trigona infrastructure would understandably lead to retaliatory attacks from pro-Russian hackers.

The Ukrainian Cyber Alliance was found celebrating the takedown of Trigona ransomware on its Twitter account.

Trigona ransomware, which was first tracked in June 2022, was found urging dark web members to join its affiliate program, according to a Cyble blog.

Screenshot of the affiliate program post (Photo: Cyble Blog)

The double extortion ransomware group was speculated to be expanding its operations via the affiliate program. The Trigona ransomware affiliate program included DDoS capabilities, access to industry journalists, and a cloud for hosting leaked files, among others.

Members were lured by a handsome payment in the cryptocurrency of their choice. “Deposit of 1 BTC on two respected forums for over two years,” concluded the affiliate program advertisement by Trigona.

The ransomware was written in the Delphi programming language and used 112-bit RSA and 256-bit AES encryption in its cyberattacks.

Trigona ransomware was deployed on a business park in Hong Kong, according to their dark web claims. The Cyberport cyberattack was confirmed by officials of China’s flagship enterprise that encompasses over 1,900 members, 800 onsite and 1,100 offsite start-ups.

Cyberport cyberattack post with sample data (Photo: Falcon Feeds/ X)

Trigona operators demanded a ransom of $300,000 for the exfiltrated data from the Cyberport cyberattack.

Updated dark web portal of Trigona (Photo: Dominic Alvieri/ X)

The ransomware group had recently updated its dark web portal at that time, in September, during the Cyberport cyberattack.

Dark web post on Trigona’s portal (Photo: Dark Web Informer/ X)

Last week, the Trigona ransomware group claimed a cyberattack on Alconex Speciality Products. This claim was found in a tweet by the dark web monitoring platform, Dark Web Informer.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.



This post first appeared on The Cyber Express.
