Healthcare organizations across the U.S. have been warned by the Department of Health and Human Services Health Sector Cybersecurity Coordination Center regarding the "significant threat" of the new Trinity ransomware operation following the group's successful compromise of at least one healthcare entity in the country since its emergence in May, according to The Record, a news site by cybersecurity firm Recorded Future.
Attacks by Trinity ransomware, which were reported to have impacted a U.S. gastroenterology services provider and a New Jersey-based dental group, involved the exploitation of known software vulnerabilities to facilitate the delivery of the payload, an advisory from HC3 noted. After obtaining system information regarding vulnerable processors and connected drives, Trinity ransomware proceeds to enable network scanning, lateral movement, and file encryption, said the advisory, which also noted the absence of any decryption technique for the payload. Further analysis showed Trinity's similarities with the 2023Lock and Venus ransomware strains, indicating partnerships between different threat operations.