"CISA, FBI Warn Healthcare Sector of Zeppelin Ransomware"

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint cybersecurity advisory to warn critical infrastructure organizations of the dangers of Zeppelin ransomware. From 2019 to at least June 2022, the FBI and CISA observed threat actors using Zeppelin ransomware to launch attacks against defense contractors, educational institutions, technology companies, manufacturers, and healthcare organizations. According to the advisory, Zeppelin is a Ransomware-as-a-Service (RaaS) operation and a derivative of the Delphi-based Vega malware family. Threat actors typically use Zeppelin in campaigns involving Remote Desktop Protocol (RDP) exploitation and phishing. Prior to deploying Zeppelin ransomware, actors map or enumerate the victim network to identify data enclaves, such as cloud storage and network backups. Zeppelin actors have also been known to steal sensitive data files before encrypting them and then publish those files if the victim refuses to pay the ransom. The FBI has observed Zeppelin actors executing their malware multiple times within a victim's network, which creates a different ID or file extension for each instance of an attack. As a result, the victim requires several unique decryption keys. This article continues to discuss the joint cybersecurity advisory on Zeppelin ransomware.

HealthITSecurity reports "CISA, FBI Warn Healthcare Sector of Zeppelin Ransomware"

Submitted by Anonymous on