Trigona attacks WPC

Incident Date:

September 5, 2023

World map

Overview

Title

Trigona attacks WPC

Victim

WPC

Attacker

Trigona

Location

Ocoee, USA

Florida, USA

First Reported

September 5, 2023

The Trigona Ransomware Gang's Attack on WPC

The Trigona ransomware gang has attacked WPC. Winter Park Construction (WPC), also known as Winter Park Construction Company, is a well-established general contracting and construction management firm based in Winter Park, Florida. As of my last knowledge update in September 2021, WPC had built a solid reputation in the construction industry for its expertise in various types of construction projects. Please note that there may have been developments or changes in the company's operations or projects since that time.

Trigona posted WPC to its data leak site on September 5th but provided no further details. The Trigona ransomware is a relatively recent addition to the ransomware landscape, with its activities dating back to approximately late October 2022. However, it's worth noting that traces of this ransomware existed as early as June 2022. Since its emergence, the operators behind Trigona have displayed a high level of activity, consistently updating their ransomware binaries.

Expansion and Technical Developments

In April 2023, Trigona expanded its scope to target compromised MSSQL servers by illicitly obtaining credentials through brute force methods. Additionally, in May 2023, we came across a Linux variant of the Trigona ransomware, which displayed similarities to its Windows counterpart.

Connections to Other Ransomware Groups

The threat actors associated with Trigona are purportedly the same group responsible for the CryLock ransomware. This connection is inferred from resemblances in their tools, tactics, and procedures (TTPs). Furthermore, there have been associations made between Trigona and the ALPHV group, also known as BlackCat. However, it is our belief that any parallels between Trigona and BlackCat/ALPHV ransomware are largely circumstantial. One plausible scenario is that BlackCat/ALPHV collaborated with the threat actors deploying Trigona but may not have been directly involved in its development and operational activities.

Recent Ransomware Attacks

The Recent Ransomware Attacks (RRA) site acts as a watchtower, providing you with near real-time ransomware tracking of attacks, groups and their victims. Given threat actors’ overarching, lucrative success so far, ransomware attacks have become the most ubiquitous, and financially and informationally impactful cyber threat to businesses and organizations today.

The site’s data is generated based on hosting choices of real-world threat actors, and a handful of other trackers. While sanitization efforts have been taken, we cannot guarantee 100% accuracy of the data. Attack updates will be made as source data is reported by reputable sources. By viewing, accessing, or using RRA you acknowledge you are doing so at your own risk.