As part of their ongoing efforts to help healthcare organizations prevent cyberattacks, the FBI and Cybersecurity and Infrastructure Security Agency released a new cybersecurity advisory (CSA) warning health IT leaders about a recent ransomware threat known as Zeppelin.
The threat is a Ransomware as a Service attack derived from the Delphi-based Vega malware family. From 2019 through at least June 2022, malicious actors have used Zeppelin malware to target a variety of businesses and critical infrastructure organizations, especially healthcare organizations.
The percentage of healthcare organizations hit by ransomware attacks has nearly doubled in recent years, from 34 percent in 2020 to 66 percent in 2021, according to Sophos’s The State of Ransomware in Healthcare 2022 report, which attributes the increase, in part, to the growing success of the Ransomware as a Service model.
Threat actors using Zeppelin have requested ransom payments in bitcoin, with initial amounts ranging from several thousand dollars to more than $1 million. According to the CSA, cyberattackers gain access to healthcare organizations’ networks via RDP exploitation, exploiting SonicWall firewall vulnerabilities and phishing campaigns. To identify data enclaves, including cloud storage and network backups, attackers map or enumerate an organization’s network for up to two weeks prior to an attack.
Click the banner below for more HealthTech content on security and zero trust.
How Health Systems Can Protect Against Zeppelin Ransomware
Healthcare organizations can take several steps to mitigate the effects of a Zeppelin ransomware attack, such as implementing a backup and recovery plan, complying with National Institute for Standards and Technology standards for developing and managing password policies, and requiring multifactor authentication.
Other mitigation tactics include:
- Keeping operating systems and software up to date with timely patching, especially of SonicWall firewall vulnerabilities
- Segmenting networks to control traffic flow between subnetworks and prevent the spread of ransomware
- Implementing network monitoring tools to aid in identifying, detecting and investigating abnormal activity
- Ensuring data backups are encrypted and immutable
Healthcare organizations facing a ransomware threat should report the incident to the FBI, CISA or the U.S. Secret Service.