- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
- Join BJ's Wholesale Club for just $20 right now to save on holiday shopping
- This $28 'magic arm' makes taking pictures so much easier (and it's only $20 for Black Friday)
Zeppelin ransomware gang is back after a temporary pause
Operators behind the Zeppelin ransomware-as-a-service (RaaS) have resumed their operations after a temporary interruption.
Researchers from BleepingComputer reported that operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed their operations after a temporary interruption. Unlike other ransomware, Zeppelin operators do not steal data from the victims and don’t run a leak site.
Zeppelin ransomware first appeared on the threat landscape in November 2019 when experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin. The new variant was involved in attacks aimed at technology and healthcare companies across Europe, the United States, and Canada. Zeppelin was first discovered in November, at the time it was distributed through watering hole attack in which the PowerShell payloads were hosted on the Pastebin website.
Unlike other variants of the Vega ransomware, the Zeppelin ransomware doesn’t infect users in Russia or other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan.
Upon execution, the ransomware enumerates files on all drives and network shares and attempt to encrypt them, experts noticed that the encryption algorithm used is the same as the one of the other Vega variants.
Last month experts spotted a new variant of the ransomware on a hacker forum allowing buyers to opt how to use the malware.
“This is in contrast with the classic RaaS operations, where developers typically look for partners to breach into a victim network, to steal data, and deploy the file-encrypting malware. The two parties then split paid ransoms, with developers getting the smaller piece (up to 30%).” reported BleepingComputer.
Researchers from Advanced Intel (AdvIntel) reported that developers of the Zeppelin ransomware updated their malware in April implementing some enhancements.
The malware was available for sale at a price tag of $2,300 per core build, but they offered individual conditions to their subscribers.
Advanced Intel researchers pointed out that even if the Zeppelin gang doesn’t implement a common RaaS model, they represent a serious threat to organizations worldwide.
Follow me on Twitter: @securityaffairs and Facebook
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine
