The U.S. Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center (HC3) has released a Threat Actor Profile on the Trinity Ransomware Group. Emerging as a significant threat since May 2024, Trinity ransomware employs a double extortion strategy by exfiltrating sensitive data before encrypting files. It uses the ChaCha20 encryption algorithm and tags compromised files with the “.trinitylock” extension. The group operates both a victim support site and a leak site to display its victims. Trinity infiltrates systems through phishing attacks and software vulnerabilities, gathering system details and escalating privileges to evade detection. It demands ransom payments in cryptocurrency while threatening to leak data if victims do not comply. Research indicates possible connections to other ransomware groups, such as Venus and 2023Lock, with Trinity primarily targeting healthcare providers and claiming access to substantial data. Currently, victims have no known decryption options and face significant challenges in recovery. For more information, please refer to the Trinity Ransomware Threat Actor Profile.
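As a defensive illustration of the ".trinitylock" indicator mentioned above, the following added example (not taken from the HC3 profile) flags hosts where several files with that extension appear within a short time window. The log line format, host names, threshold and window are assumptions made for the example, and the sample events are constructed.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

EXTENSION = ".trinitylock"  # extension named in the summary above

# Constructed sample events (not real telemetry): "<ISO time> <host> <event> <path>"
SAMPLE_EVENTS = """\
2024-10-01T10:00:01 WS-01 FileCreate C:\\Users\\a\\report.docx.trinitylock
2024-10-01T10:00:02 WS-01 FileCreate C:\\Users\\a\\scan 01.pdf.trinitylock
2024-10-01T10:00:03 WS-02 FileCreate C:\\Temp\\notes.txt
2024-10-01T10:00:04 WS-01 FileCreate C:\\Users\\a\\budget.xlsx.TRINITYLOCK
2024-10-01T10:05:00 WS-03 FileCreate D:\\share\\old.trinitylock
2024-10-01T10:00:05 WS-01 FileCreate C:\\Users\\a\\x.trinitylock.bak
malformed line
""".splitlines()


def parse_event(line):
    """Return (time, host, path), or None for lines that do not parse."""
    parts = line.split(" ", 3)  # path may contain spaces, so split at most 3 times
    if len(parts) != 4:
        return None
    try:
        ts = datetime.fromisoformat(parts[0])
    except ValueError:
        return None
    return ts, parts[1], parts[3]


def find_encryption_bursts(lines, threshold=3, window=timedelta(seconds=60)):
    """Map host -> time at which `threshold` matching files appeared within `window`."""
    recent = defaultdict(deque)  # host -> timestamps of recent matching events
    alerts = {}
    events = sorted(e for e in map(parse_event, lines) if e)  # tolerate out-of-order logs
    for ts, host, path in events:
        if not path.lower().endswith(EXTENSION):  # case-insensitive suffix match
            continue
        q = recent[host]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold and host not in alerts:
            alerts[host] = ts
    return alerts


if __name__ == "__main__":
    for host, ts in find_encryption_bursts(SAMPLE_EVENTS).items():
        print(f"{host}: burst of {EXTENSION} files by {ts.isoformat()}")
```

Because data is exfiltrated before encryption in a double extortion attack, an alert from a check like this indicates that data theft may already have occurred and should be handled as such.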