FBI and CISA warn about a new virus called Zeppelin ransomware
The FBI and CISA are releasing a joint Cybersecurity Advisory (CSA) to disseminate widely known Zeppelin ransomware IOCs and TTPs. This ransomware is related to the ransomware variants recently identified through FBI investigations.
Both agencies encourage organizations to implement the guidance in the Mitigations section of this CSA to reduce the impact of ransomware incidents.
Zeppelin ransomware operates as ransomware-as-a-service (RaaS) and is a derivative of the Delphi-based Vega malware family. Since 2019, cybercriminals have used this malware to target various businesses and infrastructure organizations, including defence, educational institutions, technology companies, and healthcare and medical companies.
The hackers use Remote Desktop Protocol (RDP), SonicWall firewall vulnerabilities and fraud campaigns to gain access to networks, and then install the Zeppelin ransomware on the victims’ systems.
Accordingly, the government has launched a website, StopRansomware.gov, which provides one central location for ransomware resources and alerts.