march 2024

New Ransomware Renegade on the Block: Trisec Vision Targets Irish Toyota Dealership

In February a new ransomware group called Trisec Vision emerged, launching its first ransomware attack on an Irish Toyota dealership. Their motivations and unconventional ransom tactics are causing concern among the cybersecurity sector.


Who is Trisec Vision?

Trisec Vision introduced themselves on the clear net hacking site BreachForums on the 21st January as Tri-Security Vision. Since then, they have changed their name, but have been actively recruiting malware developers, web developers, phishing pros and social engineers amongst others.

Originating from Tunisia, Trisec has quickly gained attention for its unconventional ransom tactics and exclusive nationalistic recruitment strategies. The group appears to blur the lines between profit and patriotism in the cybersecurity realm, presenting a new and unique threat on the global stage. In a post, they describe themselves as “a cyber-crime group that engages in a diverse range of activities, including both state-sponsored and financially motivated attacks, like ransomware.”

While the group’s background and agenda remain somewhat mysterious, with limited intelligence available, their announcement of a single victim in Ireland and the intriguing nature of their leak site suggest that Trisec aims to establish itself as a significant actor within the realm of cyber threats.


Trisec make their first move

Trisec Vision made its first public appearance on their dark net leak site on February 17, 2024, announcing an Irish Toyota dealership called Cogans Toyota Cork as its first victim. The group threatened to leak all the data they had found unless their demands were met, indicating a serious approach to their ransomware activities​​.

A Trisec spokesperson posted the following on the group’s leak site “Pay in time, or we will leak all of the data we found, trust me you don’t want that. Pay before the timer ends and keep your data safe.”

The dealership was given a 20-day deadline to make a payment and was told to initiate contact with the hackers to propose a sum, marking a departure from the common practice of stipulating an exact amount upfront. Interestingly, the original ransom announcement has since been taken down. While there have been sporadic mentions of additional targets throughout X, Cogans remains the only victim that has been officially acknowledged by the group – or at the very least, the sole victim of their ransomware attacks to be made public.

Trisec Vision represents a concerning addition to the ever-growing list of ransomware groups. As the cybersecurity community continues to investigate and respond to this new threat, it is crucial for organizations to remain vigilant.

You may also like

Ransomhub June BTH

June 10, 2024

Stolen Data from US Telecom Company Frontier is Auctioned by RansomHub

Read more
Lockbit June BTH

June 10, 2024

FBI Encourages LockBit Victims to Claim Decryption Keys

Read more
BreachForums June BTH

June 10, 2024

590Million Customers Affected by 2 Major Attacks: Data Released on BreachForums

Read more