Just like any other business that takes some time to get to know a new client, a new type of ransomware can take up to two weeks to map a network before it goes in for the kill. The group behind it, called Zeppelin, has the potential to become a major threat actor in the ransomware space.
Zeppelin is a ransomware group that has historically demanded large sums of money from large businesses in the United States and Europe. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have doubled down on their warning about the group.
This threat has been around since 2019, and as you might expect, it has targeted several different types of companies and organizations, including those in the healthcare, manufacturing, defense, education, and technology sectors. Zeppelin grew in popularity by offering ransomware-as-a-service attacks built on its VegaLocker ransomware, with a predisposition for striking healthcare and medical companies. In some cases, ransoms can reach up to millions of dollars.
Zeppelin can demand such massive sums because of the tactics it uses. Before launching an attack, the group takes great pains to learn the victim's network, looking into things such as cloud infrastructure and data backup solutions. Once the attack is initiated, it strikes with multiple separate instances of the malware, each of which requires its own decryption key.
In other words, they make it so hard to recover that the companies have no choice but to shell out the big bucks.
The joint advisory reads: “The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim's network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys.”
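The advisory's point about multiple executions has a practical consequence during triage: every distinct ID or extension tag on the encrypted files means another key you would need to recover. The following Python helper, added here as an illustration and not taken from the advisory or from SCW's own tooling, walks a list of file paths, treats any extension appended after a normal document extension as an instance tag, and counts the distinct tags. The list of "normal" extensions and the sample paths are constructed assumptions.

```python
"""Triage helper: estimate how many separate encryption runs hit a file tree.

Zeppelin-style attacks may execute the encryptor several times, each run
tagging files with its own ID or extension, and each tag implies its own
decryption key. Grouping files by that appended tag gives a quick count.
"""
from collections import defaultdict
from pathlib import PurePosixPath

# Extensions we expect on ordinary documents (assumed list, not from the
# advisory). Anything appended after one of these is treated as an
# encryption tag; benign double extensions such as ".bak.zip" would be
# false positives, so extend this set to match your environment.
ORIGINAL_EXTS = {".docx", ".xlsx", ".pdf", ".jpg", ".sql", ".bak", ".txt", ".zip"}


def split_encrypted_name(path):
    """Return (original_ext, appended_tag), or None if the name looks untouched."""
    suffixes = PurePosixPath(path).suffixes
    if len(suffixes) < 2:
        return None
    orig, tag = suffixes[-2].lower(), suffixes[-1]
    if orig in ORIGINAL_EXTS and tag.lower() not in ORIGINAL_EXTS:
        return orig, tag
    return None


def group_by_instance(paths):
    """Map each appended tag (one per encryptor run) to the files carrying it."""
    groups = defaultdict(list)
    for path in paths:
        parsed = split_encrypted_name(path)
        if parsed is not None:
            groups[parsed[1]].append(path)
    return dict(groups)


def estimate_keys_needed(paths):
    """Distinct tags correspond to distinct runs, hence distinct decryption keys."""
    return len(group_by_instance(paths))


# Constructed sample: three runs touched this share, one file was left alone.
SAMPLE_PATHS = [
    "/share/finance/q3.xlsx.A1B2-C3D4",
    "/share/finance/budget.docx.A1B2-C3D4",
    "/share/hr/policy.pdf.E5F6-0718",
    "/share/it/backup.bak.E5F6-0718",
    "/share/it/readme.txt",
    "/share/eng/schema.sql.99AA-BBCC",
]

if __name__ == "__main__":
    for tag, files in group_by_instance(SAMPLE_PATHS).items():
        print(f"instance tag {tag}: {len(files)} file(s)")
    print("distinct keys needed:", estimate_keys_needed(SAMPLE_PATHS))
```

Run it against a real file listing (for example the output of `find` on an affected share) to see how many independent instances an incident actually involved before any recovery decision is made.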
We always recommend that you don’t pay the ransom, even if it seems dire enough to consider. When you pay the ransom, you are funding further attacks and reinforcing the idea that these types of attacks work. Plus, there is no real guarantee that you’ll get your data back. There are often instances where hackers will give up the decryption key, but the key either won’t work or the data is corrupted or lost anyway, leaving businesses out of luck and out of money. Plus, you have compliance issues to worry about, too.
Instead, we urge you not to let ransomware threats intimidate you into paying, but to contact your trusted IT resource, like the professionals at SCW, to see what can be done. Most of the time, it's easier to prevent ransomware attacks in the first place through proactive security and training, and we can do both for your organization.
To learn more, contact us at (509) 534-1530.
About the author
Sam is a network engineer with a broad range of experience spanning more than 35 years. He wrote his first piece of code in 1979 and has been involved with the industry ever since. For the last 20 years, he has worked for SCW Consulting, where he has embraced his passion for network technology and security.