Trinity ransomware was first discovered in May 2024, believed to be a rebrand of the Venus/2023Lock variants, using ChaCha20 encryption and double-extortion via a Tor leak site; the US HHS flagged it as a specific threat to the healthcare sector after confirmed attacks on healthcare organizations.