Zeppelin ransomware, also known as Buran, has returned with updates according to the ransomware’s developers. Zeppelin is a Delphi-based Ransomware-as-as-Service (RasS) that is offered to users on Darknet forums for them to use against any victim companies that they wish. According to Advanced Intel, the developers behind Zeppelin revigorated their activity in March 2021. The group announced a major update to the software along with a new round of sales, coming with a $2,300 price tag. The group posted on underground forums that they provide individual configurations for their ransomware and are willing to work with any subscribers to agree on mutually beneficial terms. Zeppelin is a unique RaaS group in many ways and works to better its product through recommendations from other cybercrime groups. The group also does not utilize a leak site like many other ransomware operators and focuses on encrypting the data alone, instead of stealing and leaking it.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased