The healthcare sector is already facing tremendous pressure on the cybersecurity front, and it has been one of the key industries most targeted by cybercriminals during the COVID-19 pandemic. Recently, another old ransomware has re-emerged with fresh waves of attacks on the healthcare and technology sectors.
- First identified in late 2019, Zeppelin is a variant of the VegaLocker/Buran ransomware-as-a-service family that has sailed back into relevance, after a hiatus of several months.
- This month, Juniper Threatlab researchers released an analysis of a new campaign by ransomware calling itself Zeppelin, which uses new targeting and a new infection routine.
- Like its earlier variant, the malware targets the technology and healthcare sectors. It avoids infecting computers in Russia, Belarus, Kazakhstan, and Ukraine.
- The wave of attacks remained largely undetected by antivirus applications due to Zeppelin’s use of a new trojan downloader, about1.vbs, hidden in the garbage text of Visual Basic scripts.
- The campaign started in early June and ran until August.
Alluring healthcare sector
- Zeppelin’s attack methods are similar to the Sodinokibi (REvil) ransomware variant. In recent times, many other ransomware variants have targeted healthcare facilities and officials through specially crafted malspam.
- In August, REvil ransomware operators breached Valley Health Systems and stole sensitive data, including information related to clients, employees, and patients.
- In the same month, Maze ransomware operators targeted Ventura Orthopedics and uploaded an archive of stolen files to their leak site.
- The Netwalker ransomware operators were also seen targeting The Center for Fertility and Gynecology.
The bottom line
Unlike its predecessor VegaLocker, Zeppelin is a targeted malware with a strategy of launching precise attacks against high-profile targets. To withstand such threats, organizations are advised to adopt a multi-layered and proactive cybersecurity strategy.