Ransomware Group

Zeppelin

Also known as: Buran

Status: inactive • First seen 2019-11 • 200+ known victims

Zeppelin attacked American hospitals through remote desktop connections. The FBI eventually found a way to crack their encryption and released free tools to help victims recover their files.

Overview

Zeppelin was a ransomware strain that specifically targeted US healthcare organizations through RDP exploitation. The FBI released a decryptor after discovering vulnerabilities in the encryption.

Target Industries

Healthcare, Technology, Defense, Education

How They Attack

  • RDP exploitation
  • Healthcare focus
  • Double extortion
  • VegaLocker lineage

Notable Victims

US healthcare providers (2020), Defense contractors

How to Protect Against Zeppelin

  1. Check for FBI Zeppelin decryptor availability
  2. Secure RDP behind VPN with MFA
  3. Follow FBI healthcare cybersecurity guidance

MITRE ATT&CK Techniques

T1021.001, T1486, T1567, T1078

Related Groups

VegaLocker
