Zeppelin ransomware source code sold on a hacker forum

January 10, 2024

A hacker who goes by the moniker ‘RET’ recently announced on a notorious cybercrime forum the sale of the source code and a cracked version of the Zeppelin ransomware builder for a mere $500.

Experts have yet to confirm the legitimacy of this offer, but a researcher identified the post and noted that the accompanying screenshots suggest the package’s authenticity.

Based on reports, whoever purchases this package will gain access not only to the Zeppelin source code but also to a cracked builder, which could be used to start a new ransomware-as-a-service (RaaS) operation or to develop a new locker based on the Zeppelin family.

RET clarified that they did not create the Zeppelin ransomware but cracked a version of its builder, which raises questions about the ethical implications of selling and using such malicious software.

RET explained in the forum replies that they obtained the Zeppelin ransomware builder without a license. RET also said they intended to sell the product to a single buyer and promised to freeze the sale until that transaction was completed.

A pivotal moment in the Zeppelin ransomware operation occurred in November 2022, following the discontinuation of the Zeppelin RaaS operation. Law enforcement and security researchers uncovered exploitable flaws in Zeppelin’s encryption scheme, which had allowed them to build a decrypter and assist victims since 2020.

As a result, a potential buyer of the Zeppelin source code expressed concerns about the cryptography implementation, prompting RET to assure them that the vulnerabilities had been addressed in the second version of the malware.

Zeppelin, a Delphi-based strain of the Vega/VegaLocker malware family, was used in an infamous string of attacks from 2019 to 2022. It became known for its use in double-extortion attacks, with operators demanding ransoms as high as $1 million.

Original builds of the Zeppelin ransomware sold for as much as $2,300 in 2021, after its author announced a significant software update. The RaaS model, with a 70-30 split favouring affiliates, made it an attractive tool for cybercriminals looking to capitalise on the growing trend of ransomware attacks.

The sale of Zeppelin’s source code is a concerning development for organisations, since a hacking group that acquires it could use it to execute sophisticated attacks.
