According to BleepingComputer, the operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed operations following a brief outage. Zeppelin's operators, unlike other ransomware, do not steal data from victims or maintain a leak site.
Experts from BlackBerry Cylance discovered a new version of the Vega RaaS, called Zeppelin, and it first appeared on the threat landscape in November 2019. In Europe, the United States, and Canada, the latest version was used in attacks against technology and healthcare firms. Zeppelin was discovered in November and was spread via a watering hole attack in which the PowerShell payloads were hosted on the Pastebin website.
The Zeppelin ransomware does not infect users in Russia or other ex-USSR countries like Ukraine, Belorussia, or Kazakhstan, unlike other Vega ransomware variants. The ransomware enumerates files on all drives and network shares and attempts to encrypt them after being executed. Experts found that the encryption algorithm used is the same as that used by other Vega variants.
“This is in contrast with the classic RaaS operations, where developers typically look for partners to breach into a victim network, to steal data, and deploy the file-encrypting malware. The two parties then split paid ransoms, with developers getting the smaller piece (up to 30%),” reported BleepingComputer.
Advanced Intel (AdvIntel), threat detection and loss avoidance firm, discovered that the Zeppelin ransomware developers revised their operation in March. They announced a "big software upgrade" as well as a new round of sales. According to an intelligence survey, the new Zeppelin version costs $2,300 per core build, as per AdvIntel head of research Yelisey Boguslavskiy.
Following the major update, Zeppelin's developers released ..
Support the originator by clicking the read the rest link below.
