The Zeppelin Ransomware
Zeppelin is a variant of the Buran ransomware and the newest member of the Delphi-based Vega ransomware-as-a-service (RaaS) family.
Zeppelin appears to be highly configurable and can be deployed as an EXE, DLL, or wrapped in a PowerShell loader. There are reasons to believe at least some of the attacks were conducted through MSSPs.
Zeppelin targets high-profile tech and healthcare companies
The actors behind Zeppelin demonstrate a dedication to their craft by deploying precise attacks against high-profile targets in the IT and health sectors.
Zeppelin includes the following configurable features:
- IP Logger — to track the IP addresses and location of victims
- Startup — to gain persistence
- Delete backups — to stop certain services, disable the recovery of files, delete backups and shadow copies, etc.
- Task-killer — kill attacker-specified processes
- Auto-unlock — to unlock files that appear locked during encryption
- Melt — injects a self-deletion thread into notepad.exe so the ransomware binary removes itself after running
- UAC prompt — attempts to run the ransomware with elevated privileges by triggering a UAC consent prompt
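The "Delete backups" and "Task-killer" features above are the part of a Zeppelin run that a defender can catch before encryption finishes. As an added detection example (not code from the original post or from the Zeppelin analysis it summarizes), the Python below runs over constructed Sysmon-style process-creation events and flags the command lines Windows ransomware typically uses to remove recovery options (MITRE ATT&CK T1490, Inhibit System Recovery) and stop services. The event format, the rule set and the assumption that Zeppelin issues exactly these commands are mine.

```python
import re
from dataclasses import dataclass

HIGH, LOW = "high", "low"

# Detection rules applied to the normalized command line.
# These are the well-known recovery-inhibiting commands used by Windows
# ransomware families; that Zeppelin's "Delete backups" option runs these
# exact commands is an assumption for this example, not a claim from the post.
RULES = [
    ("vssadmin_delete_shadows", HIGH,
     re.compile(r"\bvssadmin(\.exe)?\s+delete\s+shadows\b")),
    ("vssadmin_resize_shadowstorage", HIGH,
     re.compile(r"\bvssadmin(\.exe)?\s+resize\s+shadowstorage\b")),
    ("wmic_shadowcopy_delete", HIGH,
     re.compile(r"\bwmic(\.exe)?\s+shadowcopy\s+delete\b")),
    ("bcdedit_recovery_disabled", HIGH,
     re.compile(r"\bbcdedit(\.exe)?\s+/set\b.*\brecoveryenabled\s+no\b")),
    ("bcdedit_ignore_boot_failures", HIGH,
     re.compile(r"\bbcdedit(\.exe)?\s+/set\b.*\bbootstatuspolicy\s+ignoreallfailures\b")),
    ("wbadmin_delete_catalog", HIGH,
     re.compile(r"\bwbadmin(\.exe)?\s+delete\s+(catalog|systemstatebackup)\b")),
    # Stopping services is noisy on its own (admins do it), so it only
    # contributes as a low-severity signal.
    ("net_stop_service", LOW,
     re.compile(r"\bnet1?(\.exe)?\s+stop\s+\S")),
]

# Constructed sample events in the shape of Sysmon Event ID 1 (process
# creation). They are made up for this example, not telemetry from an
# infected host; the last two are benign admin and user activity.
SAMPLE_EVENTS = [
    {"pid": 4012, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c vssadmin Delete Shadows /All /Quiet"},
    {"pid": 4020, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c wmic shadowcopy delete"},
    {"pid": 4031, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} recoveryenabled No"},
    {"pid": 4032, "image": r"C:\Windows\System32\bcdedit.exe",
     "cmdline": "bcdedit /set {default} bootstatuspolicy ignoreallfailures"},
    {"pid": 4040, "image": r"C:\Windows\System32\wbadmin.exe",
     "cmdline": "wbadmin delete catalog -quiet"},
    {"pid": 4050, "image": r"C:\Windows\System32\net.exe",
     "cmdline": 'net stop "SQL Server (MSSQLSERVER)" /y'},
    {"pid": 5001, "image": r"C:\Windows\System32\vssadmin.exe",
     "cmdline": "vssadmin list shadows"},
    {"pid": 5002, "image": r"C:\Windows\explorer.exe",
     "cmdline": "explorer.exe"},
]


@dataclass(frozen=True)
class Finding:
    pid: int
    rule: str
    severity: str
    cmdline: str


def normalize(cmdline: str) -> str:
    """Lower-case and collapse whitespace so casing/spacing tricks don't evade the rules."""
    return re.sub(r"\s+", " ", cmdline.strip().lower())


def scan(events):
    """Return one Finding per (event, rule) match."""
    findings = []
    for ev in events:
        cmd = normalize(ev["cmdline"])
        for name, severity, pattern in RULES:
            if pattern.search(cmd):
                findings.append(Finding(ev["pid"], name, severity, ev["cmdline"]))
    return findings


def triage(findings):
    """Aggregate distinct rules into a verdict; two or more distinct
    recovery-inhibiting commands on one host is the ransomware pattern."""
    high = {f.rule for f in findings if f.severity == HIGH}
    low = {f.rule for f in findings if f.severity == LOW}
    if len(high) >= 2:
        verdict = "likely ransomware backup tampering"
    elif high:
        verdict = "suspicious: single recovery-inhibiting command"
    elif low:
        verdict = "low: service stop only"
    else:
        verdict = "clean"
    return {"verdict": verdict, "high_rules": sorted(high), "low_rules": sorted(low)}


if __name__ == "__main__":
    hits = scan(SAMPLE_EVENTS)
    for h in hits:
        print(f"[{h.severity}] pid={h.pid} {h.rule}: {h.cmdline}")
    print(triage(hits))
```

`vssadmin list shadows` is deliberately left unflagged: read-only shadow-copy commands are routine, and a single destructive command can still be an administrator. In production you would key the aggregation by host and a short time window rather than over the whole event list, and pair it with an alert on the Volume Shadow Copy service being stopped.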
Based on the configurations attackers set from the Zeppelin builder user-interface during the generation of the ransomware binary, the malware enumerates files on all drives and network shares and encrypts them with the same algorithm as used by the other Vega variants.
How to prevent and recover from Zeppelin
Remove the malware from the operating system, or reinstall (format) the OS. This does not bring back data that has already been encrypted.
In the end, the only viable way to recover encrypted files is to restore them from a backup that was created before the infection and stored in a separate location.
Always keep a backup copy of your critical data in a separate location!
Shree is based in Butwal, Nepal. Shree holds an M.Sc. (IT) degree and worked at the New Horizons Nepal Center from 2007 to 2012. Since then Shree has contributed to various reputed firms in Kathmandu, bringing years of experience in teaching, IT administration, management and consulting services, especially in the payment and software industries (IT infrastructure and security solutions). See the About page for details.