BlackCat/ALPHV Ransomware Victim: Triella

Description

• We are glad to introduce you to a new candidate for the “I don’t care about my customers” award. Triella audit systems and provide an overview of security, but unfortunately they don’t do their job well. We must point out, that they used some solutions that helped them to make our presence on their network more difficult, but did not help to stop the incident. The Sentinel and ThreadLocker antivirus solution is a good choice, sometimes it was difficult, but if you don’t protect everything, what’s the point of it? Duo Factory is a good solution for companies that deal with information security and offer their services to others, but if we are talking about security software, we should not forget about passwords like “Password1” (it was on the administrators and some employees who have access to confidential information). We read their conversations in Microsoft Teams for weeks sitting with popcorn and glasses. We made the mistake of trying to log into the service with Duo Factory of one of the employees and he got a message. What do you think happened next? The employee logged into Teams and posted about it, was ignored and nothing changed. They had a chance to prevent this incident, they had a chance to negotiate with us until recently, but this company doesn’t want to get in touch at all. We still have access to their network. On the desktops are our notes with instructions on how to contact us. Employees see the welcome letter and the background we changed for them a few days after the incident. We can’t believe they don’t have a way to write to us. We have informed them in every way possible, but these people have no respect for other people’s hard work and do not try to maintain their company’s reputation. Triella experienced a cyber incident on December 25, on December 28 we went in to check on how they were doing. We were very surprised to see that the password on keepass was not changed and the password for only 1 service of their client was changed in the database. Let’s talk about employees. Pamela Miranda is the CEO of the company and the most irresponsible person. Apparently this woman was too busy with her personal life and did not want to pay attention to the fact that her employees work 4 hours a day and do not follow safety standards. She spit on the opportunity to make things right and didn’t even think that for a nominal fee she could have avoided the incident and not let her customers down. Employee Ada Hoxha. We would say that she is our favorite, thanks to her irresponsibility we managed to find out the master password from Keepass, which was stored in public access on their file server. Imagine: one mistake of an employee and we have in our hands logins of authorizations in 50+ companies. We are not talking about firms with 10 employees, these are law firms with a good reputation in the market. Employee Emon Kaur. A bit sorry for the guy, he doesn’t know anything at all and doesn’t know how to do anything, even had a password of the format described above, he had access to confidential correspondence and reports that helped us get ahead. Employee Tammy St. Pierre. You can of course discuss personal matters at work, but we would recommend dealing with actual issues instead of idle chatter. It’s exhausting to get the dirty laundry of every employee of this super mega hyper securitized company that opposes hackers. We can say that there are no saints or innocents in this company, everyone is bad at their job. We tried very hard to make a good Christmas present, but Triella did not appreciate our efforts. It is not for us to judge them, let the people decide their fate. Let’s talk about clients. We present to your attention just a small list of all clients: Owens Wright Schneider Ruggiero Spencer Milburn WEL Partners Ursel Phillips Fellows Hopkinson Shibley Righton R Robertson Insurance Brokers Lawrence Lawrence Stevenson Marta Watson O’Sullivan Estate Lawyers Crawford Chondon Dooley Lucenti Isaacs Odinocki Keyser Mason Ball JP Milani Asset Managment Auto Motion Shade MIT Power Brannan Meiklejohn Irager&Associates PrimeRose Expect an update on the list of published companies soon. In the frying pan today: Auto Motion Shade Manufacturer of window shades, not particularly cool, but no less interesting. We’ll leave the good stuff for dessert. How much? 38 GB of files. LINK REDACTED BY REDPACKET SECURITY Shibley Righton. Responsible company with good IT (no), they already had an incident in 2020, I’m sorry that then our colleagues didn’t finish the job decently and the company didn’t understand what a cyber incident is and what the consequences can be. 92 GB of data waiting for you. LINK REDACTED BY REDPACKET SECURITY R.Robertson They don’t seem like nice guys at first glance, but it’s worth seeing what they do. It’s a shame they didn’t contact us. They had a chance. Real estate insurance and some of the things that go with it. Uh-oh, you’ll be reading about that soon in the 120 GB files. LINK REDACTED BY REDPACKET SECURITY Ursel Phillips Fellows Hopkinson. These lawyers are interesting guys, they’ve got a lot of confidential information on their servers, their correspondence is full of gold like Alaska in the past. Everywhere you look, detectives, drama, sometimes even Romeo and Juliet style romance. Our favorite is the investigation into drugs and a local police officer. Wow, 365 GB of confidential correspondence and files. LINK REDACTED BY REDPACKET SECURITY Don’t think that’s the end of it. There’s still the good stuff for dessert. Like cops love doughnuts, we love sexual assault in company reports, dirty pictures stored on file servers, financial tax reports, and video recordings of clients (I wonder if they were made with their consent?). The next leak will be over 400 GB. We’re very eager to show you what we’ve found, but that will depend on those who negotiate with us. And now a bit of information for journalists. We respect your work and we really like the way you report on the incidents. We will shorten your work and provide some contacts of the employees of the company that is guilty. Triella Muhammad Adil – IT Consultant +9710563615668 Susan Bennett – Social Media Manager +14162944278 Alex R – VP of IT Solutions & Operations +1 416-598-2920 Indika Ekanayake – Lead IT Consultant REDACTED BY REDPACKET SECURITY Sean Kirby – Director, Firm Solutions REDACTED BY REDPACKET SECURITY Faraz Mehmood – Sales and Marketing Coordinator REDACTED BY REDPACKET SECURITY ######################### Update 2.0. #01.25.24 Well we’re back with a sequel. Triella Corp is back. We would not say that they are resolute in continuing dialog with us and resolving the incident that occurred due to their fault. It seems that one of those who wrote to us felt his chair burning and tried to do something briefly. To be honest, we are not allowed to tell such stories, but for the sake of you, dear readers and guardians of the law, we will share some details. After our first announcement, a certain employee of Triella Corp lied that he couldn’t contact us and discuss the incident (apparently the pride of 1Password didn’t allow to open the browser and enter the chat), so we were contacted by their client who asked for additional access for them, for Triella this is an “argument” why they didn’t communicate with us earlier (agree, it sounds like a childish excuse). In the contract was indicated a small amount of decryption of the entire hosting and all its customers, as well as it was agreed that we will delete all data and tell them what they should improve to prevent incidents in the future. Of course we are not businessmen, we do not understand much about mega profitable deals, but it seems to be decent terms. If you look at other groups, they can only boast of threatening loved ones, putting feces under the door of the director’s staff and providing only decryption tools, and deleting documents (not everyone deletes them, some are lying, but we did not talk about it). In turn, our team provides a professional pentest network and if the deal is successful helps with everything that can happen. And if we can not help, even returns the money (just think about it) and with such people Triella Corp did not want to cooperate. We sympathize with the mothers of directors that they have such “gifted” children. Back on topic. Triella did not want to cooperate and just stopped showing any activity, we visited their network and we are glad to add that not all is lost for them, they thought of changing passwords (but one spoiled dog still had Password format “password”), thanks to Triella, we laughed. There is no point in waiting any further, a company of incompetent people from IT to the directors. The holes in their systems are not closed, they are still vulnerable and nothing is being done about it. What’s next? We continue our work and Triella Corp goes to a place of honor in our panel with its clients. P.S. We would like to add that we have had opportunities to send employees to work on paper instead of computers, but this is not humane, we see ourselves as honest hackers who take payment for their services. One of Trialla Corp’s clients is a hospital with cancer patients. We had access to their network. As you already know our organization has no restrictions from now on, but morally we decided not to touch them. There are many people who are less fortunate than you and we, they should be helped, not made even more difficult. P.S.S. Don’t lose us, we have some more interesting nominees coming up, of course we won’t be talking about Triella, but they are no less amazing guys. Journalists, we will notify you by mail when the time comes, we wish you a good day!