{"id":7275,"date":"2022-08-11T20:54:14","date_gmt":"2022-08-11T11:54:14","guid":{"rendered":"https:\/\/cyberenso.jp\/?p=7275"},"modified":"2022-08-23T20:57:46","modified_gmt":"2022-08-23T11:57:46","slug":"fbi-releases-joint-cybersecurity-advisory-against-zeppelin-ransomware","status":"publish","type":"post","link":"https:\/\/cyberenso.jp\/en\/fbi-releases-joint-cybersecurity-advisory-against-zeppelin-ransomware\/","title":{"rendered":"FBI releases joint cybersecurity advisory against Zeppelin ransomware"},"content":{"rendered":"\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"7275\" class=\"elementor elementor-7275\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-aefe2a4 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"aefe2a4\" data-element_type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-e406db1\" data-id=\"e406db1\" data-element_type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t\t\t<div class=\"elementor-element elementor-element-dff5eb2 elementor-widget elementor-widget-text-editor\" data-id=\"dff5eb2\" data-element_type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<p>On Thursday 11th of August 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE cybersecurity advisory which revealed threat actors have been using the Zeppelin ransomware from 2019 through to at least June 2022 where a wide range of businesses and critical infrastructure organisations have been targeted, including defence contractors, educational institutions, manufacturers, technology companies, and especially 
organisations in the healthcare and medical industries. Zeppelin ransomware is a derivative of the Delphi-based Vega malware family and functions as Ransomware as a Service (RaaS); victims have been asked to pay ransoms in Bitcoin. Initial ransom demands have been observed to range from several thousand dollars to over a million dollars.<\/p><p>This joint cybersecurity advisory was released in coordination with the Cybersecurity and Infrastructure Security Agency (CISA) to provide key cyber threat information by disseminating known Zeppelin ransomware IOCs and TTPs associated with ransomware variants identified through FBI investigations as recently as 21 June 2022. The advisory also revealed that the FBI have observed incidents where threat actors executed the Zeppelin ransomware multiple times within a victim\u2019s network, creating different IDs or file extensions for each instance of an attack; as a result, the victim needs several unique decryption keys.<\/p><p>In the alert, the FBI asked for any information related to the Zeppelin ransomware to be shared with them. 
This information can include \u201cboundary logs showing communication to and from foreign IP addresses, a sample ransom note, communications with Zeppelin actors, Bitcoin wallet information, decryptor files, and\/or a benign sample of an encrypted file.\u201d<\/p>\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>On Thursday 11th of August 2022, the United States Federal Bureau of Investigation (FBI) released a joint TLP:WHITE cybersecurity advisory which revealed threat actors have been using the Zeppelin ransomware from 2019 through to at least June 2022 where a wide range of businesses and critical infrastructure organisations have been targeted, including defence contractors, educational institutions, manufacturers, technology companies, and<span class=\"excerpt-hellip\"> [\u2026]<\/span><\/p>\n","protected":false},"author":1,"featured_media":7280,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,12,9,2,1],"tags":[],"class_list":["post-7275","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-latest_news","category-read_article","category-ransomware_criminals","category-ce_news","category-uncategorized"],"acf":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/cyberenso.jp\/wp-content\/uploads\/2022\/08\/Picture1-8.jpg?fit=1379%2C919&ssl=1","_links":{"self":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7275"}],"collection":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/comments?post=7275"}],"version-history":[{"count":6,"
href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7275\/revisions"}],"predecessor-version":[{"id":7283,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/posts\/7275\/revisions\/7283"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media\/7280"}],"wp:attachment":[{"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/media?parent=7275"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/categories?post=7275"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberenso.jp\/en\/wp-json\/wp\/v2\/tags?post=7275"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}