Search This Blog

Businesses Hit By The Ransomware 0mega

The victims can contact the ransomware group using the "help" chat feature of the Tor payment negotiation site.

 

Launched in May 2022, this new ransomware operation known as 0mega uses a double-extortion method to target corporations all over the world and seeks millions of dollars in ransom. 

Since a ransomware sample for the 0mega operation is not yet detected, not much is known about the encryption method used. However, what's known is that the malware adds the .0mega extension to the encrypted file names and produces ransom letters with the filename extension DECRYPT-FILES.txt, according to BleepingComputer. 

Such ransom notes are made specifically for each victim, and they typically include the name of the business and a list of the various kinds of data that were stolen. Additionally, some notes contain threats that, in the scenario that a ransom is not paid, the 0mega gang will reveal the information to commercial partners and trade associations. 

The victims can contact the ransomware group using the "help" chat feature of the Tor payment negotiation site included in ransom notes. It includes a special code to get in touch with the operators via the negotiating site. 

Like practically all ransomware operations that target businesses, 0mega has a specific site for data leaks where malicious actors disseminate stolen information if a ransom is not paid. 152 GB of data that was stolen from an electronics repair business in a May incident is now hosted on 0mega's leak site. 

Last week, though, there was a second victim who has since been eliminated, suggesting that the business has perhaps paid a ransom. In a published blog post The digest 'Crypto ransomware', researchers Lawrence Abrams and Andrew Ivanov discusss the malware in detail.
Share it:

Data Leak

Double extortion

Encryption

Extortion Threat

Malicious actor

malware

Ransomware Attacks.