Zeppelin ransomware had source code and cracked builder declared to be sold for only $500 by the threat actor using "RET" as their handle, BleepingComputer reports.
In a post on a hacking forum identified by threat intelligence firm KELA, RET emphasized that they were only able to crack a builder iteration of the ransomware. Such a package, which has been obtained without a license, was meant to be sold to a single buyer, with the sale being frozen until the transaction's completion, according to RET.
While the Zeppelin ransomware-as-a-service operation's disruption in November 2022 resulted in the development of a decryption tool that leveraged vulnerabilities in the ransomware encryption process, RET noted in a reply to a hacking forum user that the package they have been selling is free from the flaws as it is already a newer iteration of the ransomware.
Such a development indicates the possible emergence of a new RaaS operation or Zeppelin-based locker.