Submission declined on 28 February 2024 by MicrobiologyMarcus (talk). This submission is not adequately supported by reliable sources. Reliable sources are required so that information can be verified. If you need help with referencing, please see Referencing for beginners and Citing sources.
- Comment: this article needs to decide if it is about the software (see WP:NSOFTWARE) or the organization (and therefore meet WP:NCORP) microbiologyMarcus [petri dish·growths] 17:28, 28 February 2024 (UTC)
- Comment: review WP:REFB for assistance with inline citations microbiologyMarcus [petri dish·growths] 17:25, 28 February 2024 (UTC)
Trisec Ransomware
Introduction
Trisec is a newly emerged ransomware gang that made its first appearance on the cyber threat landscape in February 2024. Unlike typical ransomware groups, Trisec has openly affiliated itself with a nation-state, specifically Tunisia.[1]
Operations
The Trisec ransomware gang made its first post to its dark net leak site on February 17, 2024, announcing its first apparent victim: an Irish Toyota dealership called Cogans Toyota Cork.[2] The group threatened to leak all of the data they found if the dealership did not pay in time. Interestingly, the initial ransom post is no longer live.[3]
Goals and Vision
The group has stated its goals as financial gain and glory to Tunisia. Their vision is to see their work demolish the cyber world. They engage in a diverse range of activities, including both state-sponsored and financially motivated attacks, like ransomware.[4]
Suspected Links to Russia and TA505
While Trisec openly affiliates itself with Tunisia, there are suspicions about its true origins. Clipeus Intelligence, a cybersecurity firm, has suggested that Trisec may have links to Russia. This suspicion is based on patterns of behavior, tactics, and techniques that are similar to those used by known Russian cybercriminal groups.[5] Furthermore, there are indications that Trisec may be linked to the notorious cybercriminal group TA505. TA505, also known as CL0P, is a well-established, financially motivated, Russian-speaking ransomware-as-a-service (RaaS) cybercrime group. They have been active since at least 2014 and are known for operating various RaaS operations, including LockBit, Hive, Locky Ransomware, and REvil.[6]
Conclusion
Trisec is a unique operation in the ransomware landscape, with its open affiliation with a nation-state and its recruitment strategy. As a new player in the field, the group’s activities and impact are still unfolding.[7]
- [1] "Novel Trisec Ransomware Hits Toyota Ireland". 17 February 2024.
- [2] "Triangulating Trisec, a newly emerged ransomware gang". 27 February 2024.
- [3] "Triangulating Trisec, a newly emerged ransomware gang". 27 February 2024.
- [4] "Triangulating Trisec, a newly emerged ransomware gang". 27 February 2024.
- [5] "Trisec: A New Ransomware Actor". 17 February 2024.
- [6] "Profile: TA505 / CL0P ransomware". 9 August 2023.
- [7] "Triangulating Trisec, a newly emerged ransomware gang". 27 February 2024.