Trinity Double-Extortion Ransomware Group Targets Healthcare
February 1, 2025
Paying a ransom to regain access to your organization's sensitive data is bad enough. When the attackers also threaten double extortion, publicly exposing the stolen data if you don't pay, it is worse still. That is exactly how the group behind Trinity ransomware pressures its victims, including those in the healthcare sector. It is anything but a fair fight, and that is the point.
In a threat alert, the Department of Health and Human Services warned critical industries in the U.S. about Trinity's double threat. Healthcare is a favorite ransomware target because an attack disrupts hospitals and clinics and puts patient safety at risk, so victims are under pressure to pay the cryptocurrency demand quickly. In the six months Trinity has been active, ten organizations in seven countries have been hit, across healthcare, finance, and education.
Trinity Troubles
Once inside a network, Trinity exfiltrates data, including patient files, before encrypting it with ChaCha20. Because the data is copied out before it is locked, restoring from backups brings systems back but does not undo the exposure, which is the second lever of the double extortion. The group also runs a leak site listing its victims; if a victim does not make contact within 24 hours, the operators say they will leak or sell the stolen data.
Trinity's operators gain initial access through phishing emails, stolen credentials, and unpatched systems. Once inside, they escalate privileges, bypass security protections, and then exfiltrate and encrypt the data they hold for ransom.
Anti-Phishing Tips
Keep software updated and patched; patches are where security fixes ship. To limit what an attacker can hold hostage, back up data regularly to a system separate from production, preferably offline, and periodically test that the backups actually restore. Email filters can block malicious attachments and hyperlinks, and anti-malware software can stop an infection from taking hold.
Remember the tried-and-true tips: don't open links or attachments that are unexpected, come from unknown senders, or seem phishy in any way. Any type of attachment can be used to hide malware, not just obvious executables.
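As an added illustration of the kind of attachment and link screening an email filter applies (this is example code written for this page, not from the HHS alert or any product), the script below flags executable and macro-enabled attachments, double extensions such as "Invoice.pdf.exe", executables disguised with a document extension (checked by magic bytes), and links whose visible text names a different domain than the one they actually point to. The sample attachments and message body are constructed, and the domain comparison uses a naive last-two-labels rule rather than the public suffix list.

```python
"""Example inbound-email screening rules (constructed sample data, generic heuristics)."""

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Extensions that should never arrive as a plain attachment from outside the organization.
BLOCKED_EXTENSIONS = {"exe", "scr", "js", "vbs", "bat", "cmd", "ps1", "hta", "lnk", "iso", "img"}
# Office formats that can carry VBA macros.
MACRO_EXTENSIONS = {"docm", "xlsm", "pptm", "dotm"}
# Benign-looking extensions commonly used as a decoy in double extensions.
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}
# Magic bytes for file types that are commonly spoofed via their extension.
MAGIC = {
    b"MZ": "exe",          # Windows PE executable
    b"%PDF": "pdf",
    b"PK\x03\x04": "zip",  # also the container for docx/xlsx/xlsm
}

@dataclass
class Attachment:
    filename: str
    content: bytes

def _extensions(filename: str) -> list:
    """All extension components, lowercased: 'Invoice.pdf.exe' -> ['pdf', 'exe']."""
    parts = filename.lower().rsplit("/", 1)[-1].split(".")
    return parts[1:] if len(parts) > 1 else []

def _sniffed_type(content: bytes):
    """Identify the real file type from leading magic bytes, or None if unknown."""
    for magic, kind in MAGIC.items():
        if content.startswith(magic):
            return kind
    return None

def check_attachment(att: Attachment) -> list:
    """Return reasons to quarantine this attachment; an empty list means allow."""
    reasons = []
    exts = _extensions(att.filename)
    last = exts[-1] if exts else ""
    if last in BLOCKED_EXTENSIONS:
        reasons.append(f"blocked extension .{last}")
    if last in MACRO_EXTENSIONS:
        reasons.append(f"macro-enabled document .{last}")
    if len(exts) >= 2 and exts[-2] in DECOY_EXTENSIONS:
        reasons.append("double extension disguises file type")
    if _sniffed_type(att.content) == "exe" and last != "exe":
        reasons.append("PE executable disguised as ." + (last or "<none>"))
    return reasons

LINK_RE = re.compile(r'<a\s+[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.IGNORECASE | re.DOTALL)
SHOWN_HOST_RE = re.compile(r'(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})', re.IGNORECASE)

def _registered_domain(host: str) -> str:
    """Naive registrable domain (last two labels); assumption: adequate for the sample."""
    labels = host.lower().split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()

def check_links(html_body: str) -> list:
    """Flag anchors whose visible text names one domain but whose href goes to another."""
    reasons = []
    for href, text in LINK_RE.findall(html_body):
        target = urlparse(href)
        if target.scheme not in ("http", "https"):
            continue
        target_host = target.hostname or ""
        shown = SHOWN_HOST_RE.search(text)
        if shown and _registered_domain(shown.group(1)) != _registered_domain(target_host):
            reasons.append(f"link text shows {shown.group(1)} but points to {target_host}")
        if re.fullmatch(r"\d+\.\d+\.\d+\.\d+", target_host):
            reasons.append(f"link to bare IP address {target_host}")
    return reasons

def screen_message(attachments, html_body: str) -> dict:
    """Map each suspicious attachment name (and 'body-links') to its list of reasons."""
    findings = {}
    for att in attachments:
        reasons = check_attachment(att)
        if reasons:
            findings[att.filename] = reasons
    link_reasons = check_links(html_body)
    if link_reasons:
        findings["body-links"] = link_reasons
    return findings

# Constructed sample message: one real PDF, one PE with a .pdf name, one macro workbook,
# one double-extension executable, and a lookalike password-reset link.
SAMPLE_ATTACHMENTS = [
    Attachment("Invoice_2025.pdf.exe", b"MZ\x90\x00" + b"\x00" * 60),
    Attachment("patient_export.pdf", b"MZ\x90\x00" + b"\x00" * 60),
    Attachment("schedule.xlsm", b"PK\x03\x04" + b"\x00" * 60),
    Attachment("referral.pdf", b"%PDF-1.7\n" + b"\x00" * 60),
]
SAMPLE_BODY = ('<p>Your password expires today. '
               '<a href="http://login-portal.example.net/reset">'
               'https://portal.hospital.example.org/reset</a></p>')

if __name__ == "__main__":
    for name, reasons in screen_message(SAMPLE_ATTACHMENTS, SAMPLE_BODY).items():
        print(f"{name}: {'; '.join(reasons)}")
```

Running it quarantines three of the four attachments and flags the lookalike link, while the genuine PDF passes. In production these checks sit behind the mail gateway alongside sandbox detonation and URL reputation; the point here is that magic-byte sniffing and href-versus-text comparison catch the disguises a user cannot see in the mail client.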