The healthcare sector is already facing tremendous pressure on the cybersecurity front, and it has been one of the key industries most targeted by cybercriminals during the COVID-19 pandemic. Recently, another old ransomware has re-emerged with fresh waves of attacks on the healthcare and technology sectors.
About Zeppelin Ransomware
• First identified in late 2019, Zeppelin is a variant of the VegaLocker/Buran ransomware-as-a-service family that has sailed back into relevance, after a hiatus of several months.
• This month, Juniper Threatlab researchers released an analysis of a new targeted campaign by ransomware calling itself Zeppelin, which uses a new infection routine.
• Similar to its earlier variant, the malware targets the technology and healthcare sectors. It avoids infecting computers in Russia, Belarus, Kazakhstan, and Ukraine.
• The wave of attacks remained largely undetected by antivirus applications because Zeppelin uses a new trojan downloader, about1.vbs, hidden in the garbage text of Visual Basic scripts.
• The campaign started in early June and ran until August.
Multiple Attacks
• Zeppelin’s attack methods are similar to those of the Sodinokibi (REvil) ransomware variant. In recent times, many other ransomware variants have targeted healthcare facilities and officials through specially crafted malspam.
• In August, REvil ransomware operators breached Valley Health Systems and stole sensitive data, including information related to clients, employees, and patients.
• In the same month, Maze ransomware operators targeted Ventura Orthopedics and uploaded an archive of stolen files to their leak site.
• The Netwalker ransomware operators were also seen targeting The Center for Fertility and Gynecology.
Conclusion
Unlike its predecessor VegaLocker, Zeppelin is targeted malware, built to launch precise attacks against high-profile targets. To withstand such threats, organizations are advised to adopt a multi-layered and proactive cybersecurity strategy.