
At The Identity Organisation, we're here to help!


    Trinity Ransomware Targets the Healthcare Sector

    The Trinity ransomware gang is launching double-extortion attacks against organizations in the healthcare sector, according to an advisory from the US Department of Health and Human Services (HHS). The ransomware gains initial access via phishing emails or software vulnerabilities.

    “Trinity ransomware was first seen around May 2024,” the advisory says.

    “It is a type of malicious software that infiltrates systems through several attack vectors, including phishing emails, malicious websites, and exploitation of software vulnerabilities. Upon installation, Trinity ransomware begins gathering system details such as the number of processors, available threads, and connected drives to optimize its multi-threaded encryption operations.

    “Next, Trinity ransomware will attempt to escalate its privileges by impersonating the token of a legitimate process. This allows it to evade security protocols and protections. Additionally, Trinity ransomware performs network scanning and lateral movement, indicating its ability to spread and carry out attacks across multiple systems in a targeted network.”

    Like many other organized ransomware groups, Trinity steals a copy of the victim’s data before encrypting it, in order to increase pressure on the victim to pay the ransom.

    “Trinity ransomware employs a double extortion strategy,” HHS explains.

    “This involves exfiltrating sensitive data from victims before encrypting it, and then threatening to publish the data if the ransom is not paid. This is a tactic increasingly seen across newer ransomware strains targeting critical industries, particularly healthcare.

    “There has been a total of seven Trinity ransomware victims identified to date. Of these, two victims have been identified as healthcare providers, one based in the United Kingdom, and the other a United States-based gastroenterology services provider, where Trinity claims to have access to 330 GB of the organization’s data.”

    New-school security awareness training can give your organization an essential layer of defense against ransomware attacks. KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.

    The HHS has the story.


    Free Ransomware Simulator Tool

    Threat actors are constantly coming out with new strains to evade detection. Is your network effective in blocking all of them when employees fall for social engineering attacks?

    KnowBe4’s “RanSim” gives you a quick look at the effectiveness of your existing network protection. RanSim will simulate 24 ransomware infection scenarios and 1 cryptomining infection scenario and show you if a workstation is vulnerable.

    Here’s how it works:

    • 100% harmless simulation of real ransomware and cryptomining infections
    • Does not use any of your own files
    • Tests 25 types of infection scenarios
    • Just download the install and run it 
    • Results in a few minutes!

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/ransomware-simulator-tool-partner?partnerid=001a000001lWEoJAAW
