Cybercriminals have spun off a ransomware that was originally known to target Russian organizations into a new malicious encryptor used in targeted campaigns against strategically selected health care and IT companies in America and Europe.
Dubbed Zeppelin, the new ransomware is a descendant of VegaLocker, a Delphi-based Ransomware-as-a-Service (RaaS) offering that was discovered in early 2019 and quickly evolved into variants such as Jamper and Buran. While this family of ransomware was notably observed in a malvertising campaign targeting Russian-speaking accountants, the new Zeppelin strain has clearly pursued an entirely different agenda, and furthermore is “visibly distinct” from its predecessors, according to blog post published yesterday by the Cylance Threat Research Team.
Cylance, a division of BlackBerry, theorizes that Zeppelin is being deployed by a different group of threat actors than those who operated any of the earlier VegaLocker variants. The new actors could be cybercriminal affiliates who entered into an RaaS arrangement with Zeppelin’s true owners, or if ..
Support the originator by clicking the read the rest link below.
