Zeppelin ransomware is a Delphi-based ransomware-as-a-service (RaaS) strain. Developers sell it on underground forums, letting buyers decide how they want to use the malware. Zeppelin operators do not have a leak site, like most RaaS groups, and they focus on encrypting the data, not stealing it. The current Zeppelin version comes with a price tag of $2,300 per core build. The developers also have some sort of individual partnership with certain users of their malware. AdvIntel advises monitoring and auditing external remote desktop and VPN connections as an efficient defense.
Source: https://www.bleepingcomputer.com/news/security/zeppelin-ransomware-comes-back-to-life-with-updated-versions/