December 16, 2019 By David Bisson 2 min read

Researchers observed the Russian-based Zeppelin ransomware targeting high-profile users based in the U.S. and Europe.

BlackBerry Cylance observed threat actors using Zeppelin ransomware to selectively target technology and healthcare companies located in the U.S. and Europe. In their analysis of this campaign, Cylance’s researchers observed that all Zeppelin samples quit running if they detected that the infected computer was based in Russia or another former Soviet Union country. Otherwise, they proceeded with their encryption routines and then dropped a ransom note on the infected machine. Some of those notes used generic messages, while others were more tailored. Across the board, however, the samples instructed victims to contact an attacker-controlled email address and supply their unique infection ID number.

The security firm found that the Zeppelin ransomware was hosted on watering hole sites and Pastebin at the time of its analysis. Furthermore, it found that the threat was deployable as an EXE, DLL or a package wrapped in a PowerShell loader.

The Newest Variant of VegaLocker

Researchers at BlackBerry Cylance determined that Zeppelin was the latest variant of a well-known ransomware-as-a-service (RaaS) family called Vega or VegaLocker. In April 2019, Bleeping Computer revealed that VegaLocker had been responsible for encrypting users’ computers as part of a malvertising campaign involving the Russian Yandex.Direct advertising network. Several months later, McAfee Labs spotted another VegaLocker variant, called Buran, that relied on the RIG exploit kit’s abuse of an Internet Explorer vulnerability for distribution.

How to Defend Against Zeppelin Ransomware

Security professionals can help their organizations defend against Zeppelin ransomware by not underestimating the power of security awareness training. Not investing in the workforce’s awareness of digital threats like phishing could leave the organization open to a ransomware infection. Additionally, infosec personnel should focus on obtaining the latest threat intelligence so that they can stay on top of new ransomware campaigns and techniques.
