Zeppelin ransomware is back and employing new compromise and encryption tactics in its recent campaigns against various vertical industries—particularly healthcare—as well as critical infrastructure organizations, the feds are warning. Threat actors deploying the ransomware as a service (RaaS) are tapping remote desktop protocol (RDD) exploitation and SonicWall firewall vulnerabilities–alongside previously used phishing campaigns–to breach target networks, according to an advisory from the Cybersecurity and Infrastructure Security Agency (CISA) released Thursday. “This results in the victim needing several unique decryption keys,” according to the advisory. The CISA has identified multiple variants of Zeppelin through various FBI investigations, with attacks occurring as recently as June 21, the agency said. Targets and Tactics Zeppelin is a variant of the Delphi-based ransomware-as-a-service (RaaS) family initially known as Vega or VegaLocker, which emerged at the beginning of 2019 in advertisements on the Russia-based Yandex.Direct, according to BlackBerry Cylance. Unlike its predecessor, Zeppelin’s campaigns have been much more targeted, with threat actors first taking aim at tech and healthcare companies in Europe and the United States. The latest campaigns continue to target healthcare and medical organizations most often, according to the CISA. Tech companies also remain in the crosshairs of Zeppelin, with threat actors also using the RaaS in attacks against defense…
https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png 0 0 govanguard https://govanguard.com/wp-content/uploads/2018/04/Header_Logo.png govanguard2022-08-12 14:20:002022-08-12 14:20:00Feds: Zeppelin Ransomware Resurfaces with New Compromise, Encryption Tactics
Our Standard Office Hours
Monday – Friday: 8:00AM – 5:00PM EDT
Saturday – Sunday: Closed
Where to Find Us
Data Privacy Notice
- – All product names, logos, and brands are property of their respective owners.
- – The use of these names, logos, and brands is for identification purposes only and does not imply endorsement.
- – Content syndication and aggregation of public information is solely for the purpose of identifying information security trends, all syndicated content contains source links to the content creator website. All content is owned by it’s respective content creators.
- – If you are an owner of some content and want it to be removed, please email firstname.lastname@example.org