According to BleepingComputer, the operators behind the Zeppelin ransomware-as-a-service (RaaS), aka Buran, have resumed operations following a brief outage. Zeppelin’s operators, unlike other ransomware, do not steal data from victims or maintain a leak site.
Experts from BlackBerry Cylance discovered a new version of the Vega RaaS, called Zeppelin, and it first appeared on the threat landscape in November 2019. In Europe, the United States, and Canada, the latest version was used in attacks against technology and healthcare firms. Zeppelin was discovered in November and was spread via a watering hole attack in which the PowerShell payloads were hosted on the Pastebin website.