Researchers Quietly Cracked Zeppelin Ransomware Keys
Post by upnorth:

Quote: "Peter is an IT manager for a technology manufacturer that got hit with a Russian ransomware strain called “Zeppelin” in May 2020. He’d been on the job less than six months, and because of the way his predecessor architected things, the company’s data backups also were encrypted by Zeppelin. After two weeks of stalling their extortionists, Peter’s bosses were ready to capitulate and pay the ransom demand. Then came the unlikely call from an FBI agent. “Don’t pay,” the agent said. “We’ve found someone who can crack the encryption.”

Peter, who spoke candidly about the attack on condition of anonymity, said the FBI told him to contact a cybersecurity consulting firm in New Jersey called Unit 221B (https://www.unit221b.com/), and specifically its founder — Lance James. Zeppelin sprang onto the crimeware scene in December 2019 (https://blogs.blackberry.com/en/2019/12/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe), but it wasn’t long before James discovered multiple vulnerabilities in the malware’s encryption routines that allowed him to brute-force the decryption keys in a matter of hours, using nearly 100 cloud computer servers. In an interview with KrebsOnSecurity, James said Unit 221B was wary of advertising its ability to crack Zeppelin ransomware keys because it didn’t want to tip its hand to Zeppelin’s creators, who were likely to modify their file encryption approach if they detected it was somehow being bypassed. This is not an idle concern. There are multiple examples of ransomware groups doing just that after security researchers crowed about finding vulnerabilities in their ransomware code. “The minute you announce you’ve got a decryptor for some ransomware, they change up the code,” James said.

But he said the Zeppelin group appears to have stopped spreading their ransomware code gradually over the past year, possibly because Unit 221B’s referrals from the FBI let them quietly help nearly two dozen victim organizations recover without paying their extortionists."

Full source:
https://krebsonsecurity.com/2022/11/researchers-quietly-cracked-zeppelin-ransomware-keys/