Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a report detailing the tactics of the ransomware group referred to as Zeppelin. The group has been targeting organizations in the US and Europe, often issuing massive ransomware demands once they have compromised an organization’s network. Zeppelin has been around since 2019, and typically operates as a ransomware-as-a-service double extortion operation. The group is known to target healthcare sector organizations. However, it has also targeted defense contractors, education institutions, manufacturers, technology companies, and other industries.
The CISA and FBI advisory states that Zeppelin actors have also compromised victim networks via exploitation of remote desktop protocol, phishing, and firewall vulnerabilities. The UK’s National Health Service reported in 2021 that the group was using malicious macros hidden in Word documents to spread malware. Zeppelin is known to request high ransom demands, frequently in excess of $1 million. The FBI has found that the attackers are thorough in laying groundwork before and during their ransomware deployments. They spend weeks mapping networks to ensure successful attacks and ensures victims need not just one but possibly multiple decryption keys.
Read More: FBI, CISA warn over ransomware gang that can make million dollar demands
