OnSite I.T. Blog

This Ransomware Group’s Antics Remind Us How Dangerous Ransomware Can Be

Just like any other business that takes some time to get to know a new client, a new type of ransomware can take up to two weeks to map a network before it goes in for the kill. This threat comes from a group called Zeppelin, which has the potential to be a major threat actor in the ransomware space.

What is Zeppelin?

Zeppelin is a ransomware group that has historically demanded large sums of money from large businesses in the United States and Europe. The US Cybersecurity and Infrastructure Agency and the Federal Bureau of Investigation have doubled down on their warning about the ransomware group.

This threat has been around since 2019, and as you might expect, it has targeted several different types of companies and organizations, including those in the healthcare, manufacturing, defense, education, and technology sectors. Zeppelin grew in popularity thanks to its ransomware-as-a-service offering, which uses its VegaLocker ransomware and has a predisposition for striking healthcare and medical companies. In some cases, ransoms can reach up to millions of dollars.

What Kinds of Tactics Does It Use?

Zeppelin can demand such massive sums because of the tactics it uses. The group takes great care to learn the victim’s network before it launches its attack, looking into things such as cloud infrastructure and data backup solutions. Once the attack is initiated, it strikes with multiple instances that each require a different decryption key.

In other words, they make it so hard to recover that the companies have no choice but to shell out the big bucks.

The joint advisory reads: “The FBI has observed instances where Zeppelin actors executed their malware multiple times within a victim's network, resulting in the creation of different IDs or file extensions, for each instance of an attack; this results in the victim needing several unique decryption keys.”

What Can Be Done?

We always recommend that you don’t pay the ransom, even if the situation seems dire enough to consider it. When you pay the ransom, you are funding further attacks and reinforcing the idea that these types of attacks work. Plus, there is no real guarantee that you’ll get your data back. There are often instances where hackers will give up the decryption key, but the key either won’t work or the data is corrupted or lost anyway, leaving businesses out of luck and out of money. You have compliance issues to worry about, too.

We urge you not to let ransomware threats intimidate you into paying the ransom, and instead to contact your trusted IT resource, like the professionals at OnSite I.T., to see what can be done. Most of the time, it’s easier to just prevent ransomware attacks in the first place through proactive security and training, and we can do both for your organization.

To learn more, contact us at (403) 210-2927.
