CISA and FBI Released a Joint Cybersecurity Advisory on Zeppelin Ransomware

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) recently released a joint Cybersecurity Advisory (CSA) with technical details on Zeppelin ransomware along with recommended actions, mitigations, and resources for organizations to use to protect against and respond to this cyber threat. This joint CSA is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and threat actors.

Observed as recently as April 2022, malicious actors using Zeppelin exploit vulnerabilities in remote desktop protocol and SonicWall firewalls, and use phishing campaigns, to gain initial access to victims’ networks. The advisory contains several indicators of compromise (file hashes) that network defenders can use to detect if this threat is on their networks.

Some actions that organizations can take to protect against ransomware include prioritizing patching known exploited vulnerabilities, training users to recognize and report phishing attempts, and enforcing multifactor authentication. Other mitigations in the CSA include implementing network segmentation, installing and regularly updating antivirus software, using and protecting passwords properly, and disabling unused ports.

The #StopRansomware advisories in the awareness effort will include recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware. Organizations are encouraged to review the CSA for complete details on this threat and recommended mitigations.

Your support to amplify this CSA through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.

 

Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity & Infrastructure Security Agency
U.S. Department of Homeland Security
217-299-3954/ steven.lyddon@cisa.dhs.gov