"Security researchers stated that cybercriminals have created a new ransomware variant titled “Zeppelin” to target healthcare and IT companies in the U.S., Canada, and Europe. It’s said that Zeppelin ransomware is reportedly a new variant of the VegaLocker/Buran ransomware.
Background of the Ransomware
According to the BlackBerry Cylance Threat Research team, Zeppelin is the newest member of the Delphi-based Ransomware-as-a-Service (RaaS) family based on the same code and features with its predecessors VegaLocker.
Beginning its journey as VegaLocker, the ransomware was developed on Russian hacker forums under the name Buran, in May 2019. VegaLocker samples were first discovered in a malvertising operation on Yandex. Direct, a Russian online advertising network.
The campaign was aimed at Russian speaking users. Several new versions of VegaLocker ransomware appeared during this year, carrying a different name: Jamper, Storm, and Buran, etc. The latest variant of this ransomware is Zeppelin."