Zeppelin ransomware, believed to be a variant of the Vega Ransomware-as-a-Service (RaaS), is active again after a short break. Zeppelin was first observed in November 2019, targeting healthcare and tech companies in the U.S., Canada, and Europe, and has appeared in several incidents since. Its latest variant has been advertised on a hacker forum since last month, with some new features and a promise of long-term support.

What has been discovered?

The operators of Zeppelin RaaS have resumed their operations by releasing a new variant of the malware.
  • On April 27, developers of this malware released the variant, which is said to increase the stability of its encryption process.
  • This version of Zeppelin is available for sale at $2,300 per core build.
  • When launched, the ransomware encrypts all files on all drives and network shares. The encryption algorithm used by Zeppelin is the same as that of another Vega variant.
  • Furthermore, the developers promise additional benefits to potential buyers who contact them personally.

Additional insights

  • Zeppelin operators are not using any data leak site, which indicates that they still rely on encryption alone and do not exfiltrate data.
  • Zeppelin uses common initial attack vectors such as RDP, VPN vulnerabilities, and phishing to target its victims.
  • This ransomware does not infect the users in Russia and neighboring countries, including Belarus, Kazakhstan, and Ukraine.

Conclusion

Although this malware still lacks double-extortion capabilities, it can cause serious damage. Experts therefore recommend regular monitoring and auditing of external connectivity options such as remote desktop and VPN as effective protection against this threat.
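As an added illustration of the monitoring the conclusion recommends (this is example code, not from the article or from any Zeppelin analysis), the script below audits constructed RDP logon records for two patterns that an intrusion through exposed remote desktop typically leaves: successful remote-interactive logons from outside the organization's own address ranges, and a burst of failed logons from one source followed by a success. The log line format, the usernames and addresses, the internal network list, and the failure threshold are all assumptions made for the example; the record fields are modelled loosely on Windows Security events 4624/4625 with logon type 10 (RemoteInteractive).

```python
"""Added example: audit constructed RDP logon records for the traces an
intrusion via exposed RDP would leave. The record format, addresses,
users, internal ranges and thresholds are all constructed/assumed."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records (assumed format): timestamp, event id,
# logon type, user, source address. 4624 = success, 4625 = failure,
# logon type 10 = RemoteInteractive (RDP). Addresses are documentation ranges.
SAMPLE_LOG = """\
2022-05-02T08:01:10 4624 type=10 user=jsmith src=10.0.5.14
2022-05-02T22:14:03 4625 type=10 user=administrator src=198.51.100.77
2022-05-02T22:14:05 4625 type=10 user=administrator src=198.51.100.77
2022-05-02T22:14:08 4625 type=10 user=administrator src=198.51.100.77
2022-05-02T22:14:11 4625 type=10 user=administrator src=198.51.100.77
2022-05-02T22:14:15 4625 type=10 user=administrator src=198.51.100.77
2022-05-02T22:14:21 4624 type=10 user=administrator src=198.51.100.77
2022-05-02T23:40:00 4624 type=3 user=backupsvc src=203.0.113.9
2022-05-03T09:12:44 4624 type=10 user=mlee src=203.0.113.25
"""

# Assumed internal address space; replace with the organization's own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    """True when the address falls inside one of the assumed internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_log(text):
    """Parse the constructed format into dicts; blank or malformed lines are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, event_id, type_kv, user_kv, src_kv = parts
        records.append({
            "time": datetime.fromisoformat(ts),
            "event": int(event_id),
            "logon_type": int(type_kv.split("=", 1)[1]),
            "user": user_kv.split("=", 1)[1],
            "src": src_kv.split("=", 1)[1],
        })
    return records


def external_rdp_logons(records):
    """Successful RDP (type 10) logons whose source is outside the internal ranges."""
    return [(r["user"], r["src"]) for r in records
            if r["event"] == 4624 and r["logon_type"] == 10
            and not is_internal(r["src"])]


def guess_then_success(records, threshold=5, window=timedelta(minutes=10)):
    """Sources with at least `threshold` failed RDP logons inside `window`
    immediately followed by a successful RDP logon (password guessing pattern)."""
    failures = defaultdict(list)   # source address -> timestamps of failures
    findings = []
    for r in sorted(records, key=lambda r: r["time"]):
        if r["logon_type"] != 10:
            continue
        if r["event"] == 4625:
            failures[r["src"]].append(r["time"])
        elif r["event"] == 4624:
            recent = [t for t in failures[r["src"]] if r["time"] - t <= window]
            if len(recent) >= threshold:
                findings.append({"src": r["src"], "user": r["user"],
                                 "failures": len(recent)})
    return findings


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for user, src in external_rdp_logons(recs):
        print(f"external RDP logon: {user} from {src}")
    for f in guess_then_success(recs):
        print(f"failures then success from {f['src']} as {f['user']} "
              f"({f['failures']} failures in window)")
```

On the constructed input the script reports two external RDP logons (administrator and mlee) and one source that failed five times before succeeding. The internal-range allowlist is used deliberately instead of `ipaddress`'s `is_private`, because that predicate also treats documentation and benchmark ranges as non-global and would hide the kind of addresses used in the sample; in practice the list should be the organization's real address space, and the same two checks apply to VPN concentrator logs once the fields are mapped.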

Cyware Publisher