Zeppelin ransomware now starts stealing data instead of encrypting files


Developers of various ransomware strains are reportedly now considering cyber attack campaigns that steal data instead of encrypting files until a ransom is paid. They say that data theft works better than just encrypting files, as the threat actors have the option to sell the data on the dark web if their attempts to extort money from the ransomware victims fail.

One such strain is Zeppelin ransomware, which has now joined Maze, REvil/Sodinokibi, Snatch and the extinct Merry Christmas ransomware on the list of strains that target victims with data-stealing objectives.

Researchers from the cybersecurity firm Morphisec discovered that the creators of the Zeppelin malware are mainly targeting victims in the real estate sector and are stealing information before they encrypt the files.

“In this incident, hackers are seen infecting a server, blocking all processes from operating normally, copying the backup files and then deploying the ransomware,” said Michael Gorelik, the Chief Technology Officer of Morphisec.

As companies adopt solid data continuity strategies by backing up their data, cyber crooks are now interested in stealing data from the systems they infect, in case the victim ignores the ransomware warning and opts for data recovery instead of paying the ransom.

What’s more interesting about the Morphisec security study is that hackers have stopped targeting home users and have started to victimize large enterprises, a tactic dubbed ‘Big Game Hunting’ in the world of cyber attacks.

Note: The stolen data is either used to pressure the victim into paying up or sold on the dark web to make some quick bucks.