
Flashpoint – Flashpoint Hunt Team Insights into Zeppelin Ransomware

Ransomware | BCyber | August 8, 2020



In less than a decade, ransomware has grown from a relatively unknown attack technique to a national security threat at the top of the agenda for law enforcement, policy makers, and corporate board rooms. The large fortunes made by these extortion groups are attracting top-level technical talent, which exacerbates the challenge of dealing with this growing threat.

Making matters even more complex is the cybersecurity industry’s focus on reporting the newest threats and sensational ransomware trends without much context for defenders. Oftentimes this reporting is presented as short social media updates that create more concern. Even the longer-form news stories often do not answer the questions that those directly faced with ransomware threats need answered.

At Flashpoint, we aim to create comprehensive reporting that answers complex questions from our clients, meaning oftentimes a deeper dive is required to uncover underlying trends. The most common questions Flashpoint analysts hear from clients are:

Based on these questions, the Flashpoint Hunt team has observed the following recent trends among ransomware cyber criminals: geopolitical association, RaaS ecosystem, extortionist trends, trends in common methods of assault, and victim responses.

The Flashpoint team has also observed that, since threat actors need a platform to sell ransomware, they usually operate on encrypted chat services and other covert channels, where they constantly advertise new and updated releases of the malware in order to stay competitive on the underground marketplace. This requires that the Hunt Team possess the knowledge, skills, and technology required to embed themselves within these secretive online spaces and analyze heavily marketed new ransomware. From there, our team is able to assess the newest threats emerging from illicit communities and evaluate their scope and potential danger, while enabling customers to be proactive about managing risk.

One recent example of the deep-dive work provided by the Hunt Team analysts was an extensive analysis of Zeppelin ransomware. Zeppelin was one of the most sophisticated and, therefore, expensive ransomware builders put on the underground market. It was one of the first examples of a sophisticated ransomware builder for sale that did not require affiliation with the criminal group in order to operate the ransomware. Because of this, it is impractical to associate “Zeppelin” attacks with any group, since their business model essentially made it a Ransomware-as-a-Franchise.

To learn more about Zeppelin origins and the full technical analysis, please download the report here.

This content was originally published here.

Written by: BCyber
