Cisco Vulnerability: A Potential Gateway for Hackers
A recently disclosed flaw in Cisco’s Integrated Management Controller (IMC) has raised concerns amongst businesses and individuals. Experts warn that this high-severity vulnerability could allow…
FBI Warns of Zeppelin Ransomware Gangs Encrypting Files Multiple Times
Description:
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have released an advisory detailing the actions of a newly detected ransomware dubbed ‘Zeppelin’.
The malware, which was recently first detected by the FBI in June 2022, has been seen encrypting files on victim devices multiple times, therefore requiring multiple decryption keys to regain access to the data. Additionally, the FBI warns that threat actors deploying Zeppelin ransomware will download data before encrypting it, going on to sell the data online or threaten to release it in the event a victim refuses to pay the ransom, as can be seen in their ransom note.
Some of the notable ways threat actors deploying Zeppelin gained access to victim’s network was through phishing campaigns, exploiting vulnerabilities in public-facing systems (notably SonicWall firewall), and RDP exploitation. The FBI adds that threat actors will typically spend a few weeks mapping the victim network, specifically looking for cloud storage and backup systems
A full technical description, as well as indicators of compromise for this malware, can be found here.
Preventions:
Some of the best steps to take to stay protected against any ransomware include:
- Ensuring that an updated antivirus is running on all work devices
- Regularly creating multiple backups of all essential data
- Consider the 3-2-1 rule when creating data backups: Have at least 3 copies, on 2 devices, with 1 offsite backup
- If possible, ensure an administrator account must approve all new software – all other accounts should require permission before downloading new applications
- Ensure backup methods cannot be edited by malware should ransomware get on your system
- Keep all work devices and software regularly updated and on the latest operating system versions
The FBI has also released the indicators of compromise and attack techniques for this malware. If possible, consider setting up systems that can detect hashes and activity related to this attack.
As threat actors deploying this attack have been seen spending time looking around victim networks prior to deploying the ransomware, keep on the lookout for suspicious and unusual activity within your network. This may include connections from unusual IP addresses, multiple login attempts, and unusual changes to user accounts and system settings.
The FBI also specified that threat actors were specifically targeting SonicWall vulnerabilities. Should you use SonicWall firewall, check that your SonicWall systems are on the latest versions, and update as soon as possible if not.
Related Links:
https://www.cisa.gov/uscert/ncas/alerts/aa22-223a – Published August 11th
Related articles
Inside the LabHost Takedown: How Police Busted a Global Phishing Empire
The familiar scenario plays out countless times each day: you receive a panicked text message. Your bank account has been compromised, or a package awaits…
PuTTY SSH Flaw: What You Need to Know
A recently disclosed vulnerability in the popular SSH client PuTTY (versions 0.68 to 0.80) could allow attackers to recover private encryption keys, potentially enabling them…