Is there any workaround for Trigona ransomware?

[Pandemicc]

Hi all, sorry if the thread is in the wrong section.

I was looking for ways to decrypt files that are infected with Trigona. https://id-ransomware.malwarehunterteam.com says that there are no ways decrypt Trigona yet. Is there any other site to learn about it or the malwarehunterteam is the more decent one? Lastly, is there a way to find the files through file recovery? I have rtt T80.

[Arch Stanton]

Depends on many things. Note in advance that I do not have examined files encrypted by this particular ransomware.

So file recovery: Many ransomwares open file > copy encrypted data to new file > delete original. So depending on specifics it may be possible to go after the deleted originals. But anyone understanding mechanisms and consequences of file deletion can tell this is a long shot. I also read somewhere I think this ransomware offers attackers to option to erase original files, as in zero fill. Anyway, assuming you took a drive image you can simply try.

File repair: IMO it's always worth investigating a larger encrypted file and try determine if the entire file is encrypted. If not partial recovery of data / file repair may be possible, investigate some more files and see if you can determine a pattern. Some ransomwares actually encrypt surprisingly small portion of file data in case of large files.