A new kind of ransomware is going after technology and healthcare companies across Europe, the US and Canada.
The malware goes by the name Zeppelin and is based on VegaLocker, another family of network-encrypting malware.
Described as highly configurable, Zeppelin has experts worried because it can be deployed in multiple ways and is built for “carefully chosen” attacks.
Experts suspect that Zeppelin originates from Russia because it ceases operations if it finds itself on that country’s network or on those of three other former Soviet republics: Ukraine, Belarus and Kazakhstan.
Researchers at BlackBerry Cylance, where Zeppelin was first uncovered, believe this new form of ransomware was bought or stolen from previous sources.
Zeppelin’s features allow it to be deployed as an EXE or DLL, or to be wrapped in a PowerShell loader.