
Zeppelin Ransomware

Posted: December 9, 2019

The Zeppelin Ransomware is a file-locking Trojan that can take the media on your PC hostage while awaiting a ransom. Because unlocking media through a decryptor is an inconsistently available solution, most users should protect their work through secure backup practices. Anti-malware strategies and software can also help by avoiding typical infection vectors or flagging and uninstalling the Zeppelin Ransomware.

Flying for Your Files and Pumped Full of Greed

Although zeppelins get some derision as impractical vehicles of an abandoned, zeerust-like vision of the future, a new Trojan's campaign is turning the zeppelin into a vehicle for extortion. The Zeppelin Ransomware is an evident update to the BURAN Ransomware project, with trivial changes to some minor features, like its file marker. While malware experts can't narrow down its targets significantly, the Trojan has all of the usual dangers of its kind: namely, encryption and permanent blocking of files.


Victims who aren't familiar with the work of the relevant Russian threat researcher will find few symptoms that link the Zeppelin Ransomware back to its near ancestor. The Zeppelin Ransomware locks files with encryption, like thousands of similar file-locking Trojans in 2019, but abandons the BURAN Ransomware renaming tag. Instead, it appends a three-by-three set of random character blocks, such as '123-456-9BC.' Currently, the Trojan's configuration doesn't target executables, but malware experts anticipate that the program is a threat to most database and media formats.
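The appended three-by-three tag gives responders a simple triage check over a file listing exported from an endpoint. The following is an added example, not code from the original article or from any vendor tool: the function names, the `min_hits` threshold and the sample paths are constructed, and the character class (digits and uppercase letters) is an assumption modelled on the article's '123-456-9BC' sample.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Assumption: each block is three characters from 0-9 / A-Z, modelled on the
# article's sample '123-456-9BC'. Widen the class if real samples differ.
TAG_RE = re.compile(
    r"^(?P<base>.+)\.(?P<tag>[0-9A-Z]{3}-[0-9A-Z]{3}-[0-9A-Z]{3})$"
)

def split_tag(name):
    """Return (original_name, tag) if a file name ends in an appended tag."""
    m = TAG_RE.match(name)
    return (m["base"], m["tag"]) if m else None

def triage(paths, min_hits=3):
    """Report directories holding at least min_hits tagged files.

    A lone match is often a coincidence (build artefacts, serial numbers),
    so only clusters are reported, with the tags seen and the original
    extensions underneath them to show which data was affected.
    """
    hits = {}
    for raw in paths:
        p = PureWindowsPath(raw)
        parsed = split_tag(p.name)
        if parsed:
            base, tag = parsed
            ext = PureWindowsPath(base).suffix.lower() or "(none)"
            hits.setdefault(str(p.parent), []).append((tag, ext))
    return {
        d: {"files": len(rows),
            "tags": Counter(t for t, _ in rows),
            "original_exts": Counter(e for _, e in rows)}
        for d, rows in hits.items() if len(rows) >= min_hits
    }

# Constructed sample listing (not taken from a real incident).
SAMPLE = [
    r"C:\Users\a\Documents\q3.xlsx.123-456-9BC",
    r"C:\Users\a\Documents\notes.docx.123-456-9BC",
    r"C:\Users\a\Documents\db.sqlite.123-456-9BC",
    r"C:\Users\a\Documents\readme.txt",
    r"C:\Users\a\Pictures\cat.jpg",
    r"C:\Tools\build.A1B-2C3-D4E",   # single match, below the threshold
]

if __name__ == "__main__":
    for directory, info in triage(SAMPLE).items():
        print(directory, info["files"], dict(info["tags"]))
```

A hit from this check is a lead for further investigation rather than proof of infection, since the pattern alone can match unrelated file names.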

The text ransom note that the Zeppelin Ransomware creates is a second, new factor in its payload. This version uses a different set of instructions from the old ones, without much information besides an ID and several e-mails for negotiating with the criminals. Malware experts have yet to isolate any transaction data. Still, victims should note that past BURAN Ransomware attacks have demanded up to three thousand USD and rewarded the 'customers' with decryptors that aren't compatible with larger file sizes.

Grounding a Blimp-Sized Saboteur

While not every type of file-locking Trojan is equally secure, the Zeppelin Ransomware, unfortunately, belongs to a small family that doesn't have a free decryption service. Users with backups can always recover through them without paying a ransom, which, in any case, is still a questionable option for restoring media. For safety, malware experts recommend saving one's backups to at least one additional device with suitable security for keeping threatening software from accessing and tampering with it.

Businesses and even government networks can experience attacks depositing threats like the Zeppelin Ransomware through e-mail, targeted hacking of websites specific to various industries, and brute-force cracking of logins. Average users are, however, just as likely to come across the Zeppelin Ransomware through an illicit, torrent-circulating download or from carelessly running scripts in their browsers. The presence of document macros, JavaScript or Flash is a typical herald of vulnerabilities leading to a drive-by-download.

File-locking Trojans, generally, implement few forms of protection against security programs, although some families may auto-terminate the processes of typical anti-malware and recovery tools. Updated anti-malware suites should delete the Zeppelin Ransomware and its ancestor's other updates automatically without any issues.

The Zeppelin Ransomware is flying straight to Windows machines with nothing but crime on its mind, and its data sabotage doesn't have a natural cure. Bringing down this Trojan's high-flying dreams of ill-gotten money is easiest at the outset, before it even infects your computer.
