The healthcare sector is already facing tremendous pressure on the cybersecurity front, and it has been one of the key industries most targeted by cybercriminals during the COVID-19 pandemic. Recently, another old ransomware has re-emerged with fresh waves of attacks on the healthcare and technology sectors.

What happened?

  • First identified in late 2019, Zeppelin is a variant of the VegaLocker/Buran ransomware-as-a-service family that has sailed back into relevance, after a hiatus of several months.
  • This month, Juniper Threatlab researchers released an analysis of a new ransomware campaign calling itself Zeppelin, with a new targeted campaign and a new infection routine.
  • Similar to its earlier variant, the malware targets technology and healthcare sectors. Somehow, it avoids infecting computers in Russia, Belarus, Kazakhstan, and Ukraine.
  • The wave of attacks remained largely undetected by antivirus applications, due to Zeppelin’s use of a new trojan downloader about1.vbs, hidden in the garbage text of Visual Basic scripts.
  • The campaign started in early-June and ran until August.

Alluring healthcare sector

  • Zeppelin’s attack methods are similar to the Sodinokibi (REvil) ransomware variant. In recent times, many other ransomware variants have targeted healthcare facilities and officials through specially crafted malspam.
  • In August, REvil ransomware operators had breached the Valley Health Systems and stolen sensitive data, including information related to clients, employees, and patients.
  • In the same month, Maze ransomware operators targeted Ventura Orthopedics and uploaded an archive of stolen files on their leak site.
  • The Netwalker ransomware operators were also seen targeting The Center for Fertility and Gynecology.

The bottom line

Unlike its predecessor VegaLocker, Zeppelin is a targeted malware with a strategy of launching precise attacks against high-profile targets. To withstand such threats, organizations are recommended to adopt a multi-layered and proactive cybersecurity strategy.

Cyware Publisher

Publisher

Cyware