Last week, the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) released a joint cybersecurity advisory alerting critical infrastructure about the dangers posed by Zeppelin ransomware. The ransomware, which has been in existence since 2019, has peaked again this year, posing problems to defense contractors, technology companies, manufacturers, educational institutions, and healthcare organizations. Although there have not been reports of veterinary practices being targeted by Zeppelin, all other major ransomware strains started with other industries before focusing on veterinary practices.
What is Zeppelin Ransomware?
First discovered in 2019 by GrujaRS, Zeppelin is a variant of Buran ransomware that is capable of encrypting a computer system and appending filenames with randomized extensions that use a hexadecimal numeral system in order to compel victims to pay for a decryption tool.
To carry out the attack, they start by encrypting your files, then change the extensions of all your files with random hexadecimal numeral systems; for instance, your word document MyDocument.doc is converted to something like MyDocument.555-D5u-T90. After changing your file extensions, the malicious program is able to save a.txt called “!!! ALL YOUR FILES ARE ENCRYPTED !!!.TXT” on the desktop. The saved file is not encrypted and can be opened. The text file also makes it clear that you have been targeted by Zeppelin ransomware.
When opened, the text message contains information about the data encryption. It also highlights important data that has been encrypted, including databases, photos, documents, e.t.c. The .txt files also warn their victims that third-party decryption keys will not work, and that trying to make changes to file extensions may result in permanent loss of their data. It finishes off with an email address that establishes contact with cybercriminals.
Upon reaching out to the cybercriminals using the email they have provided, you are sent instructions on how to pay.
One of the reasons that many cybersecurity experts have termed Zeppelin more dangerous than other strains of ransomware is its ability to do multi-encryption. This is achieved by the ransomware executing multiple times, with each time creating different IDs and file extensions. It is also for this reason that cybercriminals behind the Zeppelin ransomware have grown confident that third-party programs cannot decrypt their attacks.
How Zeppelin Ransomware is Distributed
As a practice owner, the threat of Zeppelin ransomware infecting your veterinary practice is real, and chances are, if you are not careful, you will be dealing with it in the future. However, by knowing how Zeppelin ransomware is being distributed, you can help address the problem before falling victim to such attacks.
The first source of Zeppelin is from untrustworthy download sources. If any of your staff uses websites such as torrents, illegal software download websites, or cracked software websites, then you are susceptible to Zeppelin attacks. Cybercriminals running the ransomware are aware that most organizations look for shortcuts to cut costs, which can include downloading software away from official websites. Therefore, they attach their malicious software to downloads, and once you run them, the entire organization becomes infected with the ransomware.
Another source of Zeppelin ransomware is phishing emails, which mostly use macros on Microsoft documents to infect your computer. Therefore, scanning attachments in your email before downloading can help address this problem. You should also be aware that some forms of phishing involve sending you to unsecure websites that download malicious software that ends up causing damage to your computer systems.
Software craving tools are also a source of Zeppelin. Cybercriminals recognize that most people would rather get a cracking tool than pay to use the software. Therefore, they act as providers of these cracking tools. When installed on your computers, despite doing what it promises to do, it also installs malicious software such as Zeppelin, which can lead to your veterinary practice becoming a victim of a cyberattack.
How to Protect Your Veterinary Practice from Zeppelin Ransomware
To ensure that your veterinary practice is not compromised, you should consider installing anti-malware on your computer system. There is a high chance that, despite taking measures, Zeppelin ransomware will find its way into your practice’s computer systems. In such cases, there is little you can do except depend on the security protocols you have.
Training should also be part of your ransomware attack prevention strategy. Most attacks are a result of ignoring red flags. This includes phishing attacks, downloading cracking tools, and deploying these tools on a computer due to a lack of awareness of how cybercriminals operate. Training your veterinary practice staff to avoid falling into the traps of cybercriminals can, therefore, help prevent your practice from being attacked.
Download our FREE eBook
Want a more detailed list of precautions you can take yourself to protect your hospital from a Zeppelin Ransomware attack? Download our FREE eBook “5 Simple Steps to Protect Your Practice“!
Clint Latham