Zeppelin ransomware source code sold for $500 on hacking forum
2024-01-04 16:16

A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500. The post was spotted by threat intelligence company KELA, and while the legitimacy of the offer has not been validated, the screenshots from the seller indicate that the package is real.

The seller of the Zeppelin source code and builder uses the handle 'RET' and clarified that they did not author the malware but simply managed to crack a builder version for it.

In November 2022, following the discontinuation of the Zeppelin RaaS operation, law enforcement and security researchers disclosed that they had found exploitable flaws in Zeppelin's encryption scheme, which had allowed them to build a decrypter and help victims since 2020.

A user on the Zeppelin forum thread asks explicitly whether the new version has fixed the flaws in the cryptography implementation, and the seller replies that it is the second version of the malware, which should no longer include the vulnerabilities.

Builds of the original Zeppelin ransomware were sold for up to $2,300 in 2021, after its author had announced a major update for the software.

In the summer of 2022, the Federal Bureau of Investigation warned about a new tactic employed by Zeppelin ransomware operators involving multiple rounds of encryption.


News URL

https://www.bleepingcomputer.com/news/security/zeppelin-ransomware-source-code-sold-for-500-on-hacking-forum/