An example of a ransom note from threat actors using the Zeppelin ransomware. (CISA)

The FBI has identified the Zeppelin ransomware and its variants being used in attacks as recently as June 21 and, along with the Cybersecurity and Infrastructure Security Agency, is informing organizations of the signs associated with the Delphi-based Vega malware family in a joint alert released Thursday.

Threat actors have used Zeppelin since 2019 as ransomware-as-a-service (RaaS) to target a wide range of organizations, including defense contractors, educational institutions, manufacturers, tech companies, and especially healthcare and the medical industries, according to the alert.

The bad actors gain access to networks in a variety of ways, including RDP exploitation, SonicWall firewall vulnerabilities and phishing campaigns, and spend one to two weeks mapping the network before deploying the ransomware.
See the alert here for details of the indicators of compromise (IoCs) and tactics, techniques and procedures (TTPs).
Stephen Weigand is managing editor and production manager for SC Media. He has worked for news media in Washington, D.C., covering military and defense issues, as well as federal IT. He is based in the Seattle area.