Researchers secretly helped decrypt Zeppelin ransomware for 2 years
Security researchers found vulnerabilities in the encryption mechanism of the Zeppelin ransomware and exploited them to create a working decryptor, which they have used since 2020 to help victim companies recover files without paying the attackers.
Unit221b was motivated to crack Zeppelin after seeing that the ransomware operators hit charity organizations, nonprofits, and even homeless shelters.
The researchers noticed that Zeppelin used an ephemeral RSA-512 key to encrypt the AES key that locked access to encrypted data.
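Why an undersized RSA modulus undermines this kind of hybrid scheme, shown as an added example that is not code from the article or from Unit221b: once the public modulus can be factored, the private exponent follows and the wrapped symmetric key can be unwrapped. It assumes textbook RSA with public exponent 65537 and toy sizes (a 63-bit modulus and a 6-byte stand-in for the AES key); all function names and values are constructed for illustration.

```python
# Added example: toy hybrid encryption with an undersized RSA modulus.
# Sizes are scaled down (63-bit modulus, 6-byte session key) so it runs quickly;
# every value below is constructed for illustration.
from math import gcd, isqrt

E = 65537  # common public exponent, assumed here

def next_prime(n: int) -> int:
    """Smallest prime p >= n with gcd(E, p - 1) == 1 (trial division, toy sizes only)."""
    while True:
        if n % 2 and all(n % d for d in range(3, isqrt(n) + 1, 2)) and gcd(E, n - 1) == 1:
            return n
        n += 1

def wrap_session_key(key: bytes, n: int) -> int:
    """Textbook RSA wrap of the symmetric key under the public modulus."""
    m = int.from_bytes(key, "big")
    if m >= n:
        raise ValueError("session key must be smaller than the modulus")
    return pow(m, E, n)

def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of an odd composite n (Floyd cycle finding)."""
    for c in range(1, 64):
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = gcd(abs(x - y), n)
        if d != n:          # d == n means this polynomial failed; try the next c
            return d
    raise ValueError("no factor found")

def recover_session_key(wrapped: int, n: int, key_len: int) -> bytes:
    """Rebuild the private exponent from the factored modulus and unwrap the key."""
    p = pollard_rho(n)
    q = n // p
    d = pow(E, -1, (p - 1) * (q - 1))
    return pow(wrapped, d, n).to_bytes(key_len, "big")

def demo():
    n = next_prime(2**31 + 1000) * next_prime(3 * 2**30 + 5000)  # toy "ephemeral" modulus
    session_key = bytes.fromhex("a1b2c3d4e5f6")                  # constructed stand-in for the AES key
    wrapped = wrap_session_key(session_key, n)
    return session_key, recover_session_key(wrapped, n, len(session_key)), n.bit_length()

if __name__ == "__main__":
    original, recovered, bits = demo()
    print(f"{bits}-bit modulus factored; session key recovered: {recovered == original}")
```

The cost of factoring grows steeply with modulus size, which is why key-length checks on asymmetric wrapping keys belong in any review of a hybrid encryption design.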
Unit221b's founder Lance James told BleepingComputer that they decided to make all details public because the influx of Zeppelin ransomware victims has dropped significantly in recent months.
Emsisoft's threat analyst Brett Callow confirmed the drop in Zeppelin attacks, pointing out that the last major operation to use the ransomware strain was Vice Society, which abandoned it months ago.
Zeppelin is a Delphi-based ransomware strain of Russian origin that emerged in the wild in late 2019 as a semi-private project operating in small-circle partnerships.