Zeppelin ransom gang executes malware multiple times within a victim’s network

Threat actors using Zeppelin request ransom in Bitcoin, with extortion amounts ranging from several thousand dollars to over a million dollars.

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint Cybersecurity Advisory to disseminate information about Zeppelin ransomware.

Threat actors have been observed using this ransomware-as-a-service (RaaS) from 2019 through at least June 2022. Criminals have targeted a wide range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and especially organizations in the healthcare and medical industries.

Criminals leave a ransom note on compromised systems, frequently on the desktop:

[Image: Zeppelin ransom note. Image by CISA and the FBI]

“Zeppelin actors gain access to victim networks via RDP (remote desktop protocol) exploitation, exploiting SonicWall firewall vulnerabilities, and phishing campaigns. Prior to deploying Zeppelin ransomware, actors spend one to two weeks mapping or enumerating the victim network to identify data enclaves, including cloud storage and network backups,” the advisory reads.

As is typical with ransomware gangs, Zeppelin exfiltrates sensitive corporate data with the intent to make it accessible to buyers or the general public if the victim refuses to meet its demands.

“The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys,” the advisory said.
