Tech & Innovation in Healthcare

Industry Notes:

Beware Zeppelin Ransomware Attacks, Warn FBI and CISA

On Aug. 11, 2022, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA) about the Zeppelin ransomware. Zeppelin is offered as ransomware as a service (RaaS) and is a variant of the Delphi-based Vega malware family.

The agencies noted that malicious actors have used the ransomware for the past three years to target several businesses and infrastructure organizations, “especially organizations in the healthcare and medical industries.” The statement also indicated that initial ransom payment requests ranged from several thousand dollars to over a million dollars, and the actors have been known to request ransom payments in Bitcoin.

Zeppelin threat actors gain initial access to targeted networks by exploiting SonicWall firewall vulnerabilities, by exploiting remote desktop protocol (RDP), and through phishing campaigns. Before unleashing the attack, the actors spend approximately one to two weeks surveying the victim’s network “to identify data enclaves, including cloud storage and network backups,” the CSA explained. Then, prior to encrypting the files, the threat actors “exfiltrate sensitive company data files to sell or publish in the event the victim refuses to pay the ransom.”

The FBI and CISA also issued recommended mitigations to help reduce the risk of a Zeppelin ransomware infection. Some of the recommendations include:

  • Creating and implementing a recovery plan
  • Requiring that all password logins meet National Institute of Standards and Technology (NIST) standards for developing and managing password policies
  • Requiring multifactor authentication (MFA) for accounts, virtual private networks (VPNs), email, and other connections to critical systems
  • Segmenting networks to help stem the spread of the ransomware

The last recommendation is critical to protecting your network against this specific strain of ransomware. In the joint CSA, officials stated the FBI has seen situations where threat actors “executed their malware multiple times within a victim’s network, resulting in the creation of different IDs or file extensions, for each instance of an attack.” As a result, the victim would need multiple decryption keys to recover.