A new variant of the VegaLocker/Buran Ransomware called Zeppelin has been spotted infecting U.S. and European companies via targeted installs. It is not known exactly how the Zeppelin ransomware is being distributed, but it is likely through Remote Desktop servers that are publicly exposed to the Internet. Zeppelin will check if the user is in any CIS countries such as Russia, Ukraine, Belorussia, and Kazakhstan by either checking the configured language in Windows or default country code.
Source: https://www.bleepingcomputer.com/news/security/zeppelin-ransomware-targets-healthcare-and-it-companies/

