SAN FRANCISCO - Federal authorities are warning companies in the Bay Area of an increase in cyberattacks using ransomware known as Zeppelin.
The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) said the warning is aimed at all industries but specifically those dealing with COVID and monkeypox.
"Zeppelin ransomware has been particularly interested in targeting the health care industries," said FBI San Francisco Assistant Agent-in-Charge Elvis Chan.
Attackers are looking for cash cows that have weak cybersecurity.
"They're kind of cyber poor, but they're financially rich if you will," said CISA Region IX Cybersecurity Chief Joe Oregon.
The Zeppelin ransomware can either hide or steal a victim's data, rendering it useless. Often, the criminals demand Bitcoin payments of thousands to over a million dollars.
"If a victim company can get us involved soon enough, then we can do a good job of blockchain analysis in tracking where those funds go, even if they go through money laundering services called mixers or tumblers," said FBI Agent Chan.
Once a ransom is actually paid, the victims expect the promised codes to restore their data.
"There is no honor amongst thieves. When victim companies pay the ransom, only one out of every four times, do they get the key and it unlocks all of their data," said Chan.
Zeppelin's creators have now begun leasing their ransomware to other cyber criminals who might have other incentives like terrorism, financial destabilization, or anarchy.
"They can potentially sell that data to other hackers to say, 'Hey, we made a million dollars off this organization, we'll sell this data to you for x amount,'" said Oregon.
Since attackers often bounce their crimes through legitimate servers and computers, available destructive counterattacks are risky.