I apologize to all of you Led Zepplinists in the audience, but I couldn’t help myself. A fairly recent form of ransomware, called Zeppelin (duh) has reared its ugly head once again.
The software retails for about $2,300 on the Dark Web and gives customers decide how they use the software. This is atypical in the Ransomware-as-a-Service (RaaS) industry. Typically a RaaS provider and their partners split the ransom.
The Zeppelin developers are also known for favoring their regular customers, offering unique and favorable terms to those who’ve repeatedly bought from them.
Zeppelin can ultimately be traced back to the Buran or VegaLocker family of ransomware. The family is programed in the Delphi language, making it more difficult to reverse-engineer.
In the past, bad actors had previously relied on malvertising campaigns to spread VegaLocker, but in this case, Zeppelin uses more traditional methods, like exploiting VPN vulnerabilities and phishing.
Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.