FBI: Zeppelin ransomware may encrypt devices multiple times in attacks

The Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation warned US organizations today that attackers deploying Zeppelin ransomware might encrypt their files multiple times.
The two federal agencies also shared tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help security professionals detect and block attacks using this ransomware strain.
"The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim's network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys," a joint advisory published today revealed.
Detected by the FBI as recently as June 21, Zeppelin is a Ransomware-as-a-Service operation whose malware went through several name changes, from VegaLocker to Buran, VegaLocker, Jamper, and now Zeppelin.
The FBI also asked IT admins who detect Zeppelin ransomware activity within their enterprise networks to collect and share any related information with their local FBI Field Office.
The FBI added that it does not encourage paying Zeppelin ransom demands and advised victims against it since they'll have no guarantee that paying the ransom will prevent data leaks or future attacks.