Trigona attacks Treadwell-Tamplin & Co

Incident Date:

September 5, 2023

World map

Overview

Title

Trigona attacks Treadwell-Tamplin & Co

Victim

Treadwell-Tamplin & Co

Attacker

Trigona

Location

Madison, USA

Georgia, USA

First Reported

September 5, 2023

The Trigona Ransomware Attack on Treadwell-Tamplin & Co.

The Trigona ransomware gang has attacked Treadwell-Tamplin & Co. Treadwell-Tamplin & Co is an accounting firm, founded in 1970, headquartered in Madison, Georgia. They primarily provide taxation, audit and attestation, and managerial services. The firm has consists of three partners, five professional staff, and one support staff. Trigona posted Treadwell-Tamplin & Co to its data leak site on September 5th but provided no further details.

Background of Trigona Ransomware

The Trigona ransomware is a relatively recent addition to the ransomware landscape, with its activities dating back to approximately late October 2022. However, it's worth noting that traces of this ransomware existed as early as June 2022. Since its emergence, the operators behind Trigona have displayed a high level of activity, consistently updating their ransomware binaries.

Recent Developments

In April 2023, Trigona expanded its scope to target compromised MSSQL servers by illicitly obtaining credentials through brute force methods. Additionally, in May 2023, we came across a Linux variant of the Trigona ransomware, which displayed similarities to its Windows counterpart.

Connections to Other Ransomware Groups

The threat actors associated with Trigona are purportedly the same group responsible for the CryLock ransomware. This connection is inferred from resemblances in their tools, tactics, and procedures (TTPs). Furthermore, there have been associations made between Trigona and the ALPHV group, also known as BlackCat. However, it is our belief that any parallels between Trigona and BlackCat/ALPHV ransomware are largely circumstantial. One plausible scenario is that BlackCat/ALPHV collaborated with the threat actors deploying Trigona but may not have been directly involved in its development and operational activities.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.