The U.S. Department of Health and Human Services (HHS) is warning the healthcare sector about Trinity ransomware attacks. Trinity is a relatively new type of ransomware and was first spotted in May of this year. The ransomware adds a “.trinitylock” extension to encrypted files. A leak site contains a list of Trinity’s victims. The ransomware operators also have another site where victims can seek help with decryption. The HHS believes that the ransomware group using Trinity is a major threat to the healthcare and public health sector. There is at least one U.S. healthcare organization that has been a victim of the group already. The Trinity ransomware group uses phishing, vulnerable software, and malicious websites to gain initial access. The group then elevates its privileges within the environment and exfiltrates data from the system to be used later for extortion. Lastly, Trinity encrypts the victims file and leaves a ransom note behind on the victim’s computer. There are currently no known decryption tools for the ransomware.



Read more: https://www.securityweek.com/healthcare-organizations-warned-of-trinity-ransomware-attacks/