Ransomware - 0mega

0mega (Active)
Aliases
Omega
Decryptor Available
No
Description

0mega (with a zero instead an O) is a ransomware group that seemingly moves slowly based on the rate at which they add victims to their extortion page. They've added three victims to their extortion website - available on both Clearnet and TOR - in the first year of their existence. However, don't be fooled; it's very likely that more attacks are occurring but aren't listed due to the victim paying or because the attack wasn't successful (enough). The group may act gingerly, but because there is yet to be a known sample or analysis of this ransomware, it's difficult to uncover the group's tactics and techniques of infiltrating networks, not to mention the telemetry of when they breach. We are aware of at least one other victim when Obsidian Security's threat research team revealed in a blog post a SaaS account compromise that led to data theft. Allegedly, they didn't encrypt any files during this breach. However, they did drop a ransom note titled "PREVENT-LEAKAGE.txt"

Ransomware Type
Crypto-Ransomware
Data Broker
First Seen
Extortion Types
Direct Extortion
Double Extortion
File Extension
<file name>.omega
Ransom Note Name
DECRYPT-FILES.txt
PREVENT-LEAKAGE.txt
Industry Sector Land Extortion Date Amount (USD)
Professional ServicesUnited Kingdom
Information TechnologyIndia
Information TechnologyUnited States
ManufacturingUnited States
Aerospace & AviationUnited States
Retail & WholesaleUnited States