Security News > 2021 > May > Zeppelin ransomware comes back to life with updated versions
The developers of Zeppelin ransomware have resumed their activity after a period of relative silence that started last Fall and started to advertise new versions of the malware.
Zeppelin ransomware is also referred to as Buran and has its origin in the Vega/VegaLocker family, a Delphi-based ransomware-as-a-service observed on Russian-speaking hacker forums in 2019.
The developers of the Zeppelin ransomware strain sell it on underground forums, letting buyers decide how they want to use the malware.
"We continue to work. We provide individual conditions and a loyal approach for each subscriber, the conditions are negotiable. Write to us, and we will be able to agree on a mutually beneficial term of cooperation" - Zeppelin ransomware.
Zeppelin is one of the few ransomware operations on the market that does not adopt the pure RaaS model and also one of the most popular of the bunch, enjoying recommendations from high-profile members of the cybercrime community.
AdvIntel recommends monitoring and auditing external remote desktop and VPN connections as an efficient defense against the Zeppelin ransomware threat.