Zeppelin Ransomware Decryption Tool Secretly Deployed to Aid Victims

From heimdalsecurity.com

The encryption mechanism of the Zeppelin ransomware was analyzed by security researchers and, as they found vulnerabilities in it, they began to secretly exploit the flaws in order to create a working decryptor which they then used to help companies affected by ransomware to recover files without having to pay the attackers.

The developer of the decryption tool is the New Jersey based cybersecurity consulting company, Unit221b, who had a technical report ready ever since February 2020 but chose to delay its publishing, to keep the threat actor in the dark about the vulnerabilities in their file-encrypting malware.

Read more…