The developers of the ransomware Zeppelin (also known as Buran) have resumed their criminal activity after a period of calm that began last fall.
Attackers started advertising the new version of the malware on a hacker forum late last month. This was reported by Bleeping Computer.
The developers of the new version of the ransomware Zeppelin are selling the software on underground forums, allowing buyers to decide how they want to use the malware. Developers also have a kind of personalized partnerships with specific clients.
This contrasts with classic RaaS business models, where developers typically seek partners to infiltrate a victim’s network, steal data, and install malware to encrypt files. Then both parties split the ransom, and the developers receive a smaller share (up to 30%).
According to experts from the information security firm Advanced Intel (AdvIntel), the developers of the ransomware Zeppelin announced themselves in March this year. They announced a “major software update” along with a new sales phase. The current version of Zeppelin costs $ 2.3K to build the kernel. Following a major update, the Zeppelin developers released a new variant of the malware on April 27, which changed little in functionality but improved the stability of the encryption.
“We continue to work. We provide each user with individual conditions and a loyal approach. Write to us, and we will be able to agree on mutually beneficial terms of cooperation, ”the Zeppelin operators said.
Zeppelin customers rely on common initial attack vectors such as RDP, VPN vulnerabilities, and phishing attacks. In addition, Zeppelin operators do not have a data breach site like most RaaS gangs, and they focus on data encryption, not theft.
Catch up on more articles here
Follow us on Twitter here