FBI Warns U.S. Organizations Against the Wrath of Zeppelin

T

TedCruz

Level 5
Thread author
Aug 19, 2022
176
Content source
https://cyware.com/news/fbi-warns-us-organizations-against-the-wrath-of-zeppelin-6848146f
The CISA and the FBI have warned against ongoing Zeppelin ransomware attacks encrypting files multiple times. The recent warning is issued to U.S. organizations working in multiple sectors.

About the warning​

The agencies shared the TTPs and IOCs to help security admins identify and block ransomware attacks.
  • The FBI spotted the ransomware in June. It is operating as a RaaS and its malware has gone through multiple name changes from VegaLocker to Buran, Jamper, VegaLocker, and now Zeppelin.
  • In some cases, Zeppelin operators executed their malware multiple times, resulting in the creation of different IDs or file extensions, ensuring that the victim needed multiple unique decryption keys.

Zeppelin’s profile​

According to reports, affiliates of Zeppelin have been active since 2019, targeting businesses and critical infrastructures, such as defense contractors and technology firms, while eyeing entities from healthcare and medical sectors as well.
  • The attackers are known for stealing data for double extortion and ransom requests in Bitcoin, with starting demands ranging from thousands of dollars to more than a million dollars.
  • For infection, Zeppelin uses RDP exploitation, SonicWall firewall vulnerabilities, and phishing attacks.
  • Zeppelin is usually deployed as a .dll, .exe file or added inside PowerShell loader.

Suggestions by FBI​

  • The FBI urges IT admins who identified Zeppelin ransomware activity within their networks to collect and share any type of related information to their local FBI Field Office.
  • The FBI does not encourage paying ransom and advises victims against it. Even paying ransom has no certainty that attackers will stop future attacks or not leak data.

Recommendations​

The agencies advise organizations to take measures to stay protected from Zeppelin ransomware. These measures include patching exploited vulnerabilities, training employees and users to identify and report phishing attempts, and enabling and implementing multi-factor authentication.
Click to expand...
 
  • Like
Reactions: The_King, Venustus, EASTER and 1 other person
You must log in or register to reply here.

Similar threads

upnorth
    • Like
    • Applause
    • +Reputation
Ransomware Researchers Quietly Cracked Zeppelin Ransomware Keys
Replies
0
Views
543
Malware Analysis
upnorth
upnorth
[correlate]
    • Like
    • Wow
    • +Reputation
Cuba ransomware uses Veeam exploit against critical U.S. organizations
Replies
0
Views
826
News Archive
[correlate]
[correlate]
vtqhtr413
    • +Reputation
    • Like
    • Wow
Security News Volt Typhoon lays low in Critical Infrastructure Networks
Replies
0
Views
837
Security News
vtqhtr413
vtqhtr413

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top