Federal agencies warn organizations of Zeppelin ransomware

An example of a ransom note from threat actors using the Zeppelin ransomware. (CISA)

The FBI has identified the Zeppelin ransomware and its variants being used in attacks as recently as June 21 and, along with the Cybersecurity and Infrastructure Security Agency, is informing organizations of the signs associated with the Delphi-based Vega malware family in a joint alert released Thursday.

Threat actors have used Zeppelin since 2019 as ransomware-as-a-service (RaaS) to target a wide range of organizations, including defense contractors, educational institutions, manufacturers, tech companies, and especially healthcare and the medical industries, according to the alert.

The bad actors gain access to networks in a variety of ways, including RDP exploitation, SonicWall firewall vulnerabilities and phishing campaigns, and spend one to two weeks mapping the network before deploying the ransomware.

See the alert for details of the indicators of compromise (IoCs) and tactics, techniques and procedures (TTPs).

Stephen Weigand

Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.
