FBI warns new variant of ransomware fraud targets hospital, medical device companies in Bay Area

Stephanie Sierra Image
Tuesday, August 23, 2022
EMBED <>More Videos

The FBI is sounding the alarm to Zeppelin, a new form of ransomware targeting hospital and medical device companies in the Bay Area.

SAN FRANCISCO (KGO) -- The FBI and federal cybersecurity officials are sounding the alarm to a new form of ransomware that is targeting hospital and medical device companies in the Bay Area.

Ransomware

Ransomware is a type of malware that threatens to publish victim's personal data or block access to it unless a ransom is paid.

RELATED: Bay Area software developer loses $1.3M in cash and retirement in popular crypto scam

"I use the word criminal very deliberately here," said Joseph Oregon, the cybersecurity chief for the Cybersecurity and Infrastructure Security Agency, or CISA. "These are criminal organizations."

The new threat

Federal investigators say this ransomware fraud is advancing with a new variant called Zeppelin. It's a type of malware that criminals use to target businesses and large corporations.

"There are hundreds of ransomware variants out there and right now Zeppelin is top of mind," said Elvis Chan, an assistant special agent in charge with the FBI. "They like to target companies in the healthcare sector, small community hospitals, larger hospitals, and medical device companies."

Zeppelin ransomware first surfaced in 2019 but is now becoming more prevalent. Chan says it was most recently detected in late June.

VIDEO: Scammers hack into Bay Area victims' phones accessing photos, camera and location in crypto fraud

Here's how it works

Investigators say scammers will spend weeks trying to hack into their victim's computer networks. In some cases, they'll find a glitch in your computer software that gives them access to your personal data and use it to blackmail you. Or victims will get an email, also known as a phishing attempt, threatening their company has been hacked and if the ransom isn't paid, confidential files will be exposed. The payment is usually through digital currency like Bitcoin.

"This is not something you can pay your way out of," said Oregon.

Bottom line - never pay the ransom. Investigators say if you do, you're twice as likely to be hit with another cyberattack within six months.

"In fact, a recent survey showed that 80% of businesses that paid a ransomware were also hit again," said Oregon.

RELATED: Bank of America customer loses thousands after being tricked by Zelle scammers with personal info

The FBI reports most of the criminal organizations behind the ransomware attacks are operating overseas - some even traced to cyber espionage groups in China and Russia.

So what can you do to protect yourself?

  • Use two-factor authentication whenever you're logging into any of your devices or computer network
  • Regularly update your software
  • Always make sure your data is backed up on a hard drive

"All of the newer variants of ransomware will try to find your backups and corrupt them," said Chan.

Report a crime

If you have been a victim of ransomware - file a report here or to the FBI's Internet Crime Complaint center here.

If you're on the ABC7 News app, click here to watch live