0mega (with a zero instead an O) is a ransomware group that seemingly moves slowly based on the rate at which they add victims to their extortion page. They've added three victims to their extortion website - available on both Clearnet and TOR - in the first year of their existence. However, don't be fooled; it's very likely that more attacks are occurring but aren't listed due to the victim paying or because the attack wasn't successful (enough). The group may act gingerly, but because there is yet to be a known sample or analysis of this ransomware, it's difficult to uncover the group's tactics and techniques of infiltrating networks, not to mention the telemetry of when they breach. We are aware of at least one other victim when Obsidian Security's threat research team revealed in a blog post a SaaS account compromise that led to data theft. Allegedly, they didn't encrypt any files during this breach. However, they did drop a ransom note titled "PREVENT-LEAKAGE.txt"
Known Victims(6)
| Industry Sector | Country | Extortion Date | Amount (USD) |
|---|---|---|---|
| Professional Services | United Kingdom | ||
| Information Technology | India | ||
| Information Technology | United States | ||
| Manufacturing | United States | ||
| Aerospace & Aviation | United States | ||
| Retail & Wholesale | United States |