BlackCSI Blog

BlackCSI has been serving the Pennsylvania area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

The Zeppelin Group is Making Us Ramble On About Ransomware

The Zeppelin Group is Making Us Ramble On About Ransomware

We apologize for the pun, but we couldn’t help ourselves.

When you go about your business and attempt to onboard a new client or implement a new tool for your company, you spend time getting to know what your business is doing and why. Well, a newly formed ransomware group will spend up to two weeks mapping your network before launching its attacks, making it a potent threat actor that you should keep an eye out for on your business network.

What is Zeppelin?

This threat actor, a ransomware group called Zeppelin, is notorious in the cyber threat landscape for demanding large ransoms from even larger businesses in the United States and Europe. The US Cybersecurity and Infrastructure Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a joint warning about the ransomware group.

Having been around since 2019, Zeppelin has launched attacks against businesses in the healthcare, manufacturing, defense, education, and technology sectors. It grew in notoriety for its ransomware-as-a-service offerings and its VegaLocker ransomware, and it has a penchant for targeting healthcare or medical organizations. Ransoms range from thousands of dollars to over a million dollars in some cases.

What Tactics are Being Used?

How is this group able to demand such high ransoms and get away with it? It’s all rooted in their tactics.

The FBI and CISA have found that Zeppelin is a well-organized threat that takes plenty of time to scope out their victims’ network before launching attacks. They take great care in laying the groundwork before they launch their ransomware attacks, looking into potential cloud services and backup solutions in place. After the attacks have been launched, victims are hit with multiple instances of the ransomware and could require several decryption keys to get back in action following the attack.

The joint advisory reads: “The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim's network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys.”

What Do You Do?

As always, we recommend that you do not pay the ransom under any circumstances, even if the situation seems dire and there is no way out. Paying the ransom only reinforces that ransomware as a threat works against companies like you, and by paying these hackers for the safe return of your data, you are effectively funding further attacks against other organizations just like yours.

Furthermore, there is no guarantee that you will get your data back just by paying the hacker, as it is quite common for ransomware victims to have difficulties with the encryption key following an infection and subsequent ransom payment. There are compliance issues involved too, and though you might feel strong-armed into making this decision, there are better approaches to ransomware that we urge you to consider.

Ransomware can be intimidating, but you should know that you have trusted allies on your side in the fight to protect your infrastructure. By contacting BlackCSI, you can protect your organization’s network, educate your employees, and have a valued resource for any and all of your cybersecurity troubles. We can help you properly address ransomware both before and during an attack so you can optimize your chances of recovering.

To learn more, reach out to us at (717) 620-3042.

Tip of the Week: Creating an Event in Google Calen...
Forcing Remote Teams to Come Back Full Time May Be...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Sunday, November 27, 2022

Captcha Image

Latest News & Events

Leading MTSP Shares Why Email Is an Easy Way to Destroy A Company’s Network HARRISBURG, PA – October 11, 2022 – BlackCSI, a leading managed technology services provider (MTSP), recently announced that they are protecting small to mid-sized ...

Latest Blog

These days, it feels like there are risks around just about every corner that could affect your business. This can make it hard to navigate the challenges of running your company in an efficient way. Let’s examine some of the risks your ave...

Contact Us

Learn more about what BlackCSI
can do for your business.

(717) 620-3042

BlackCSI
507 N. York Street
Mechanicsburg, Pennsylvania 17055