The healthcare sector is already facing tremendous pressure on the cybersecurity front, and it has been one of the key industries most targeted by cybercriminals during the COVID-19 pandemic. Recently, another old ransomware has re-emerged with fresh waves of attacks on the healthcare and technology sectors.
First identified in late 2019, Zeppelin is a variant of the VegaLocker/Buran ransomware-as-a-service family that has sailed back into relevance, after a hiatus of several months.
This month, Juniper Threatlab researchers released an analysis of a new ransomware campaign calling itself Zeppelin, with a new targeted campaign and a new infection routine.
Similar to its earlier variant, the malware targets technology and healthcare sectors. Somehow, it avoids infecting computers in Russia, Belarus, Kazakhstan, and Ukraine.
The wave of attacks remained largely undetected by antivirus applications, due to Zeppelin’s use of a new trojan downloader about1.vbs, hidden in the garbage text of Visual Basic scripts.
The campaign started in early-June and ran until August.
Alluring healthcare sector
Zeppelin’s attack methods are similar to the Sodinokibi (REvil) ransomware variant. In recent times, many other ransomware variants have targeted healthcare facilities and officials through specially crafted malspam.
In August, REvil ransomware operators had breached the Valley Health Systems and stolen sensitive data, including information related to clients, employees, and patients.
In the same month, Maze ransomware operators targeted Ventura Orthopedics and uploaded an archive of stolen files on their leak site.
The Netwalker ransomware operators were also seen targeting The Center for Fertility and Gynecology.
The bottom line
Unlike its predecessor VegaLocker, Zeppelin is a targeted malware with a strategy of launching precise attacks against high-profile targets. To withstand such threats, organizations are recommended to adopt a multi-layered and proactive cybersecurity strategy.