- I opened up a cheap 600W charger to test its build, and found 'goo' inside
- How to negotiate like a pro: 4 secrets to success
- One of the cheapest Android tablets I've ever tested replaced my iPad with no sweat
- I use this cheap Android tablet more than my iPad Pro - and don't regret it
- The LG soundbar made my home audio sound like a theater - even though it's not the newest model
Zeppelin ransomware gang is back after a temporary pause
Operators behind the Zeppelin ransomware-as-a-service (RaaS) have resumed their operations after a temporary interruption.
Researchers from BleepingComputer reported that operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed their operations after a temporary interruption. Unlike other ransomware, Zeppelin operators do not steal data from the victims and don’t run a leak site.
Zeppelin ransomware first appeared on the threat landscape in November 2019 when experts from BlackBerry Cylance found a new variant of the Vega RaaS, dubbed Zeppelin. The new variant was involved in attacks aimed at technology and healthcare companies across Europe, the United States, and Canada. Zeppelin was first discovered in November, at the time it was distributed through watering hole attack in which the PowerShell payloads were hosted on the Pastebin website.
Unlike other variants of the Vega ransomware, the Zeppelin ransomware doesn’t infect users in Russia or other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan.
Upon execution, the ransomware enumerates files on all drives and network shares and attempt to encrypt them, experts noticed that the encryption algorithm used is the same as the one of the other Vega variants.
Last month experts spotted a new variant of the ransomware on a hacker forum allowing buyers to opt how to use the malware.
“This is in contrast with the classic RaaS operations, where developers typically look for partners to breach into a victim network, to steal data, and deploy the file-encrypting malware. The two parties then split paid ransoms, with developers getting the smaller piece (up to 30%).” reported BleepingComputer.
Researchers from Advanced Intel (AdvIntel) reported that developers of the Zeppelin ransomware updated their malware in April implementing some enhancements.
The malware was available for sale at a price tag of $2,300 per core build, but they offered individual conditions to their subscribers.
Advanced Intel researchers pointed out that even if the Zeppelin gang doesn’t implement a common RaaS model, they represent a serious threat to organizations worldwide.
Follow me on Twitter: @securityaffairs and Facebook
Pierluigi Paganini
International Editor-in-Chief
Cyber Defense Magazine
