Federal authorities are warning of a new ransomware gang that has already claimed at least one healthcare victim in the U.S.
Trinity ransomware, which was first detected around May, uses tactics such as phishing emails, malicious websites and software vulnerabilities to hack organizations, then employs "double extortion," according to an Oct. 4 notice from HHS' Office of Information Security and Health Sector Cybersecurity Coordination Center.
"This involves exfiltrating sensitive data from victims before encrypting it, and then threatening to publish the data if the ransom is not paid," the notice stated. "This is a tactic increasingly seen across newer ransomware strains targeting critical industries, particularly healthcare."
The known U.S. healthcare victim was a gastroenterology services provider from which Trinity claimed to have stolen 330 gigabytes, the agencies said. The gang, which demands payment in cryptocurrency, may be connected to the 2023Lock and Venus ransomware groups.
"Victims have 24 hours to contact the cybercriminals, and failure to do so will result in the stolen data being leaked or sold," the notice stated. "Unfortunately, no known decryption tools are currently available for Trinity ransomware, leaving victims with few options."
Authorities recommend healthcare organizations implement mitigation measures such as a data recovery plan, network segmentation and offline data backups.