FBI warns new variant of ransomware fraud targets hospital, medical device companies in Bay Area

Stephanie Sierra
Tuesday, August 23, 2022

SAN FRANCISCO (KGO) -- The FBI and federal cybersecurity officials are sounding the alarm about a new form of ransomware that is targeting hospitals and medical device companies in the Bay Area.


Ransomware is a type of malware that threatens to publish a victim's personal data or block access to it unless a ransom is paid.

"I use the word criminal very deliberately here," said Joseph Oregon, the cybersecurity chief for the Cybersecurity and Infrastructure Security Agency, or CISA. "These are criminal organizations."

The new threat

Federal investigators say this ransomware fraud is advancing with a new variant called Zeppelin. It's a type of malware that criminals use to target businesses and large corporations.

"There are hundreds of ransomware variants out there and right now Zeppelin is top of mind," said Elvis Chan, an assistant special agent in charge with the FBI. "They like to target companies in the healthcare sector, small community hospitals, larger hospitals, and medical device companies."

Zeppelin ransomware first surfaced in 2019 but is now becoming more prevalent. Chan says it was most recently detected in late June.

Here's how it works

Investigators say scammers will spend weeks trying to hack into their victims' computer networks. In some cases, they'll find a glitch in a victim's software that gives them access to personal data, and use that data for blackmail. Or victims will get an email, also known as a phishing attempt, claiming that their company has been hacked and threatening that confidential files will be exposed if the ransom isn't paid. The payment is usually demanded in digital currency like Bitcoin.

"This is not something you can pay your way out of," said Oregon.

Bottom line - never pay the ransom. Investigators say if you do, you're twice as likely to be hit with another cyberattack within six months.

"In fact, a recent survey showed that 80% of businesses that paid a ransomware were also hit again," said Oregon.

The FBI reports most of the criminal organizations behind the ransomware attacks are operating overseas - some even traced to cyber espionage groups in China and Russia.

So what can you do to protect yourself?

  • Use two-factor authentication whenever you're logging into any of your devices or computer network
  • Regularly update your software
  • Always make sure your data is backed up on a hard drive

"All of the newer variants of ransomware will try to find your backups and corrupt them," said Chan.

Report a crime

If you have been a victim of ransomware, file a report here or with the FBI's Internet Crime Complaint Center here.
