What is Trigona Ransomware
Trigona is the name of a ransomware virus that encrypts data of corporate users (e.g., companies) and demands money for file decryption. During encryption, it appends the new ._locked extension (for instance, 1.pdf._locked) and creates a file named how_to_decrypt.hta after successful completion. This file contains instructions with steps on what victims should do to decrypt their data.
THE ENTIRE NETWORK IS ENCRYPTED
YOUR BUSINESS IS LOSING MONEY
All documents, databases, backups and other critical data were encrypted and leaked
The program uses a secure AES algorithm, which makes decryption impossible without contacting us
If you refuse to negotiate, the data will be auctioned off
To recover your data, please follow the instructions
Download Tor Browser
Open decryption page
Auth using this key
The price depends on how soon you will contact us
Need help?
Don't doubt
You can decrypt 3 files for free as a guarantee
Don't waste time
Decryption price increases every hour
Don't contact resellers
They resell our services at a premium
Don't recover files
Additional recovery software will damage your data
It is said all critical information, such as documents, databases, local backups, and so forth has been encrypted and leaked. Cybercriminals also mention that file decryption is impossible without their direct involvement. Also, it is mentioned that data of those who refuse to collaborate with cybercriminals will be sold to figures potentially interested in its abuse. To prevent all of this, threat actors guide victims to open a decryption page via the TOR Browser and contact the ransomware developers. From there, victims will most likely be asked to purchase a special decryption key (with Monero cryptocurrency) eventually. There are also warnings against delaying the communication process as this will result in a higher price for decryption. As an additional guarantee, ransomware developers also offer to send 3 files and get them fully decrypted for free. This way cybercriminals showcase their decryption abilities and motivate victims into paying the ransom. Although paying a ransom is usually the only way to decrypt your data and prevent the publication of data, there is still a risk that cybercriminals may fool you and not send any decryption tools or even publish your data regardless of payment. Therefore, the necessity of paying the ransom should be evaluated by each person (or company) experiencing ransomware infections. Regardless of whether a working third-party decryptor exists or not, victims can also recover their data using backup copies (if such are available). Even so, the publication of data will still remain a threat if victims refuse to collaborate with cybercriminals. Alas, the ultimate purpose of ransomware is to lead victims to a dead end and leave them no choice but to pay for decryption. Below, you will find some recommendations of reputable third-party decryptors, however, please note that none of them has been successful in decrypting Trigona files at this moment. You can give them a try if no other alternative is left to consider. Please note that prior to trying any recovery/decryption ways that do not include the participation of cybercriminals, it is crucial to delete the infection from your computer so that it does not continue its malicious activity. Read our guide below to do this and also establish protection against such threats in the future.
How Trigona Ransomware infected your computer
Ransomware infections can occur in a number of ways – via e-mail spam letters, trojans, deceptive third-party downloads, fake software updates/installers, backdoors, keyloggers, botnets, system exploits, and other channels as well. As a rule, users get caught when some malicious file is opened or installed. For instance, ransomware can be disguised as some legitimate file (.DOCX, .XLSX, .PDF, .EXE, .ZIP, .RAR, or .JS extensions) in an e-mail letter that mimics names of legal companies/entities (e.g., delivery companies, tax authorities, banks, and so forth). Cybercriminals tend to name such files in click-bait ways that would reflect some “importance”, “urgency” or simply curiosity in the mind of users. If the attached content ends up opened according to cybercriminals’ guidelines, the contained infection will be likely deployed for installation on the targeted system. A similar infection algorithm can be seen in other distribution channels as well, for instance, when users download some pirated or cracked version of the software from a shady resource. While the installation of such software may look completely unsuspicious, the final result may be the installation of malware onto a system. Thus, beware of interaction with dubious download sources, torrent-sharing pages, suspicious ads, potentially malicious attachments/links, and other kinds of content. Download software only from official resources to prevent drive-by (stealth) installations of malware. We also encourage you to read our guide below and learn more about how one can protect his system against threats like ransomware (or other malware) in the future.
- Download Trigona Ransomware Removal Tool
- Get decryption tool for ._locked files
- Recover encrypted files with Stellar Data Recovery Professional
- Restore encrypted files with Windows Previous Versions
- Restore files with Shadow Explorer
- How to protect from threats like Trigona Ransomware
Download Removal Tool
To remove Trigona Ransomware completely, we recommend you to use SpyHunter 5 from EnigmaSoft Limited. It detects and removes all files, folders, and registry keys of Trigona Ransomware. The trial version of SpyHunter 5 offers virus scan and 1-time removal for FREE.
Alternative Removal Tool
To remove Trigona Ransomware completely, we recommend you to use Norton Antivirus from Symantec. It detects and removes all files, folders, and registry keys of Trigona Ransomware and prevents future infections by similar viruses.
Trigona Ransomware files:
how_to_decrypt.hta
{randomname}.exe
Trigona Ransomware registry keys:
no information
How to decrypt and restore ._locked files
Use automated decryptors
Download Kaspersky RakhniDecryptor
Use following tool from Kaspersky called Rakhni Decryptor, that can decrypt ._locked files. Download it here:
There is no purpose to pay the ransom because there is no guarantee you will receive the key, but you will put your bank credentials at risk.
Dr.Web Rescue Pack
Famous antivirus vendor Dr. Web provides free decryption service for the owners of its products: Dr.Web Security Space or Dr.Web Enterprise Security Suite. Other users can ask for help in the decryption of ._locked files by uploading samples to Dr. Web Ransomware Decryption Service. Analyzing files will be performed free of charge and if files are decryptable, all you need to do is purchase a 2-year license of Dr.Web Security Space worth $120 or less. Otherwise, you don’t have to pay.
If you are infected with Trigona Ransomware and removed from your computer you can try to decrypt your files. Antivirus vendors and individuals create free decryptors for some crypto-lockers. To attempt to decrypt them manually you can do the following:
Use Stellar Data Recovery Professional to restore ._locked files
- Download Stellar Data Recovery Professional.
- Click Recover Data button.
- Select type of files you want to restore and click Next button.
- Choose location where you would like to restore files from and click Scan button.
- Preview found files, choose ones you will restore and click Recover.
Using Windows Previous Versions option:
- Right-click on infected file and choose Properties.
- Select Previous Versions tab.
- Choose particular version of the file and click Copy.
- To restore the selected file and replace the existing one, click on the Restore button.
- In case there is no items in the list choose alternative method.
Using Shadow Explorer:
- Download Shadow Explorer program.
- Run it and you will see screen listing of all the drives and the dates that shadow copy was created.
- Select the drive and date that you want to restore from.
- Right-click on a folder name and select Export.
- In case there are no other dates in the list, choose alternative method.
If you are using Dropbox:
- Login to the DropBox website and go to the folder that contains encrypted files.
- Right-click on the encrypted file and select Previous Versions.
- Select the version of the file you wish to restore and click on the Restore button.
How to protect computer from viruses, like Trigona Ransomware , in future
1. Get special anti-ransomware software
Use ZoneAlarm Anti-Ransomware
Famous antivirus brand ZoneAlarm by Check Point released a comprehensive tool, that will help you with active anti-ransomware protection, as an additional shield to your current protection. The tool provides Zero-Day protection against ransomware and allows you to recover files. ZoneAlarm Anti-Ransomware is compatible with all other antiviruses, firewalls, and security software except ZoneAlarm Extreme (already shipped with ZoneAlarm Anti-Ransomware) or Check Point Endpoint products. The killer features of this application are: automatic file recovery, overwrite protection that instantly and automatically recovers any encrypted files, file protection that detects and blocks even unknown encryptors.
2. Back up your files
As an additional way to save your files, we recommend online backup. Local storage, such as hard drives, SSDs, flash drives, or remote network storage can be instantly infected by the virus once plugged in or connected to. Trigona Ransomware uses some techniques to exploit this. One of the best services and programs for easy automatic online backup is iDrive. It has the most profitable terms and a simple interface. You can read more about iDrive cloud backup and storage here.
3. Do not open spam e-mails and protect your mailbox
Malicious attachments to spam or phishing e-mails are the most popular method of ransomware distribution. Using spam filters and creating anti-spam rules is good practice. One of the world leaders in anti-spam protection is MailWasher Pro. It works with various desktop applications and provides a very high level of anti-spam protection.
