tridentlocker

Ransomware group profile

16Victims

50Impact score

Description

TridentLocker is a ransomware-as-a-service (RaaS) operation that emerged in late 2025, utilizing double-extortion tactics to pressurize victims for financial gain. The group encrypts systems while threatening to release stolen data, demonstrating sophisticated operational security and a rapid pace of attacks across various sectors.

Key insights

•Employs double-extortion tactics by encrypting systems and threatening to leak stolen data.
•Gains initial access through credential abuse and privilege escalation techniques.
•Targets a diverse range of sectors, indicating a broad operational focus.
•Utilizes proprietary ransomware while engaging in data exfiltration prior to encryption.
•Demonstrates high operational security, allowing prolonged undetected presence within networks.

Industries

Energy & Utilities Financial Services Government & Defense Hospitality Manufacturing Other Professional Services Retail & E-Commerce Technology

Threat Level & Status Breakdown

For tridentlocker · Based on incidents in selected period

1.4threat level

Aggressiveness4/ 10

Lethality0/ 10

Criticality0/ 10

Status Breakdown

Claimed100.0%16

First seenOct 2025

Last seenApr 2026

Avg ransom—

Payment rate—

Statusactive

Sophistication0

Last updatedJun 2, 2026

Recent activity

Monthly attack count for tridentlocker in the selected period

16Total attacks

8peak in Nov

2.3avg / month

↓ 1 vs first month

Intelligence

IOCs, YARA/Sigma rules, and related families for tridentlocker

d520d06d78afcad2e03842cb8db4622d18b92739e89dfb8dadf5743f30dcd903
e75e5778e71e062ce4a7af673f0b2513854d2367fee0f01a26c0c998863bdf6e
eae09889399fe4fb8e78b114dba0527de913d12fb1802944a88ed136e3e90577
94f73b5dc06ba6705fcef3e759413a747049c2949a0c2e44afc03b2f9989cf73

View full IOC feed500 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for tridentlocker

Other

T1486

T1490

T1078

T1046

T1562

T1021

T1033

T1021.001

T1020

T1059

T1005

Victims(16)

Company	Domain	Country	Industry	Status	Discovered
RT Software	—	GB United Kingdom	Technology	Claimed	about 1 month ago
Jameson Pepple Cantu PLLC	jpclaw.com	US United States	Professional Services	Claimed	3 months ago
TMPartner	tm-partner.ch	JP Japan	Professional Services	Claimed	4 months ago
Eco Green Group	ecogreengroup.co.uk	GB United Kingdom	Energy & Utilities	Claimed	5 months ago
Sedgwick Government Solutions	sedgwickgovernment.com	US United States	Government & Defense	Claimed	5 months ago
allenprinting	allenprinting.com	US United States	Professional Services	Claimed	6 months ago
GuestTek	guesttek.com	CA Canada	Technology	Claimed	6 months ago
Advantage 360	advantage360.com	US United States	Technology	Claimed	6 months ago
iqs	—	IQ Iraq	Manufacturing	Claimed	6 months ago
noment	noment.com	US United States	Technology	Claimed	6 months ago
LMG Holdings	lmgholdings.com	US United States	Manufacturing	Claimed	6 months ago
bpost	bpost.be	BE Belgium	Technology	Claimed	6 months ago
typecaseinc	typecaseinc.com	US United States	Technology	Claimed	6 months ago
asiawba	asiawba.com	KR South Korea	Financial Services	Claimed	6 months ago
Calmec	calmec.com	CA Canada	Manufacturing	Claimed	6 months ago
EnQuest	enquest.com	GB United Kingdom	Energy & Utilities	Claimed	6 months ago

Affected countries(16)

Countries where this group has been reported to target or leak victims.

🇧🇪Belgium 🇨🇦Canada 🇨🇳China 🇪🇸Spain 🇫🇷France 🇬🇧United Kingdom 🇭🇰Hong Kong 🇮🇶Iraq Iran, Islamic Republic of 🇯🇵Japan Korea, Republic of 🇱🇷Liberia 🇵🇰Pakistan 🇸🇪Sweden 🇹🇷Turkey 🇺🇸United States