Ransomware - 0mega

0mega (Active)
Decryptor Available

0mega (with a zero instead of an O) is a ransomware group that seemingly moves slowly, based on the rate at which they add victims to their extortion page. They've added three victims to their extortion website, available on both Clearnet and TOR, in the first year of their existence. However, don't be fooled; it's very likely that more attacks are occurring but aren't listed because the victim paid or because the attack wasn't successful (enough). The group may act gingerly, but because there is yet to be a known sample or analysis of this ransomware, it's difficult to uncover the group's tactics and techniques for infiltrating networks, not to mention the telemetry of when they breach. We are aware of at least one other victim: Obsidian Security's threat research team revealed in a blog post a SaaS account compromise that led to data theft. Allegedly, the group didn't encrypt any files during this breach. However, they did drop a ransom note titled "PREVENT-LEAKAGE.txt".

Ransomware Type
Data Broker
First Seen
Extortion Types
Direct Extortion
Double Extortion
File Extension
<file name>.omega
Ransom Note Name
Industry Sector | Country | Extortion Date | Amount (USD)
Professional Services | United Kingdom | |
Information Technology | India | |
Information Technology | United States | |
Manufacturing | United States | |
Aerospace & Aviation | United States | |
Retail & Wholesale | United States | |