After a long gap, the Zeppelin ransomware group has now shown up with an updated malware strain and redefined rules for its buyers. This includes allowing complete independence to use their malware as they liked and providing special support for long-term and regular customers. Besides, the core Zeppelin malware has been updated with more stable encryption.
Zeppelin Ransomware For Simple Buy and Use
As reported by the researchers at AdvIntel, an advanced intelligence firm, the owners of Zeppelin ransomware have resumed their operations after a long period of silence. The threat group is seen advertising its malware with “a major update” and working with “a more extended scope of operations” with the partners.
[DarkWeb Insights]🔍#Zeppelin Revival
With the recent developments, direct ransomware sales become more popular – no affiliates or partnerships – simple purchase and use
Zeppelin was the most popular non-RaaS group, and they just recently had a major update and activity revival pic.twitter.com/kJhmaQO4yC
— Yelisey Boguslavskiy (@y_advintel) May 18, 2021
Unlike most ransomware groups that follow the Ransomware-as-a-Service model, the Zeppelin gang follows a typical approach by allowing their partners (buyers) to act more freely. Instead of picking partners, Zeppelin group sells its core encryption malware to anyone on the underground forums and prioritizes support for regular and long-term customers called “subscribers.”
As seen by researchers, the Zeppelin ransomware wrote as “We continue to work. We provide individual conditions and a loyal approach for each subscriber. The conditions are negotiable. Write to us, and we will be able to agree on a mutually beneficial term of cooperation.”
Alongside this, the core malware has increased the stability of encryption, thus making it more effective. This updated malware is now being sold for $2,300, as seen by the AdvIntel researchers. Moreover, Zeppelin is one of the few ransomware groups that consider recommendations from high-profile members in the cybercrime community.
As it leaves the core malware open to anyone buying it, researchers say this could be more threatening since it makes the detection hard. Also, other cybercriminals who buy the Zeppelin malware may take some of its features to embed in their strains. As it’s now open to buy once again, we shall see how many hacks this would lead to in the future.