Skip to Main Content


Observations on New Trigona Ransomware

Click the download button above to read the full report.

Arete research reveals new information about the emerging threat of Trigona ransomware. This threat actor group, associated with ALPHV, is exploiting a vulnerability in the Zoho ManageEngine ADSelfService Plus and demonstrates excessive use of legitimate tools in their attack.

Arete identified a connection between Trigona and ALPHV, indicating some level of administrative collaboration between these two highly sophisticated threat actors. Trigona is leveraging ALPHV’s reputation and data leak site as a pressure tactic.

Arete assessed Trigona’s malicious activity, and through this report wishes to share new actionable intelligence to assist in detecting and preventing these threats.