Submit Podcast
Logo

Your Ad Here

Reach thousands of podcast enthusiasts and grow your business with our targeted advertising solutions

Learn More →
HomeCyberWire DailyCISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts}
News

CyberWire Daily - CISA Alert AA22-223A – #StopRansomware: Zeppelin Ransomware. [CISA Cybersecurity Alerts}

Episode Date: August 11, 2022

Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses and critical infrastructure organizations. Actors ...use remote desktop protocol (RDP), SonicWall firewall vulnerabilities, and phishing campaigns to gain initial access to victim networks and then deploy Zeppelin ransomware to encrypt victims’ files. AA22-223A Alert, Technical Details, and Mitigations Zeppelin malware YARA signature What is Zeppelin Ransomware? Steps to Prepare, Respond, and Prevent Infection Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts. No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment. This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources. All organizations should report incidents and anomalous activity to CISA’s 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI’s 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyber Wire Network, powered 7th, 2022. The FBI and CISA are releasing this joint advisory to disseminate known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as June 21st, 2022. Zeppelin ransomware is a derivative of the Delphi-based Vega malware family and functions as a ransomware as a service. From 2019 through June 2022, cyber actors have used this malware to target a wider range of businesses and critical infrastructure organizations, including defense contractors, educational institutions, manufacturers, technology companies, and organizations in the healthcare and medical industries. Zeppelin actors have been known to request ransom payments in Bitcoin,
Starting point is 00:01:09 with initial amounts ranging from several thousand dollars to over a million dollars. Zeppelin actors gain access to victim networks via RDP exploitation, exploiting SonicWall firewall vulnerabilities, and phishing campaigns. Prior to deploying Zeppelin ransomware, actors spend one to two weeks mapping the victim network to identify data enclaves, including cloud storage and network backups. Zeppelin actors can deploy Zeppelin ransomware as a.dll or.exe file or contained within a PowerShell loader.
Starting point is 00:01:42 Prior to encryption, Zeppelin actors exfiltrate sensitive company data to sell or publish in the event the victim refuses to pay the ransom. The alert documentation linked in the show notes includes indicators of compromise, a full MITRE ATT&CK mapping for this threat activity, recommended mitigation actions, and detection techniques for Zeppelin malware. This joint cybersecurity advisory is part of an ongoing hashtag stop ransomware effort Thank you. Visit StopRansomware.gov to see all hashtag StopRansomware advisories and to learn more about other ransomware threats and resources. All organizations should report incidents and anomalous activity to CISA's 24-7 Operations Center at central at cisa.dhs.gov or 888-282-0870 and to the FBI via your local FBI field office or the FBI's 24-7 PsyWatch at 855-292-3937 or PsyWatch at fbi.gov. This report was written by CISA, the United States Cybersecurity and Infrastructure Security Agency,
Starting point is 00:02:55 and edited and adapted for audio by the Cyber Wire as a public service. Please visit www.cisa.gov to read the full report, which may include additional details, links, and illustrations. A link to this report can be found in the show notes. This has been a CISA Cybersecurity Alert.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.