Description
0mega is a ransomware group first observed in May 2022, operating with a double extortion model:
* Encrypting victim files (adding the .0mega extension)
* Threatening to leak stolen data if ransom demands are not met.
Ransom notes are named DECRYPT-FILES.txt and include victim-specific details and a Tor-based negotiation portal.
Unlike typical Ransomware-as-a-Service (RaaS) operations, 0mega appears to work as a closed group, selecting a limited number of high-value targets.
The group employs two main tactics:
* Traditional ransomware encryption of on-premise systems.
* Cloud-based extortion, compromising Microsoft 365 Global Admin accounts, creating unauthorized admin users, and exfiltrating data via SharePoint.
Active period: May 2022 – January 2024
Urls4
| Url | ||||
|---|---|---|---|---|
| http://omegalock5zxwbhswbisc42o2q2i54vdulyvtqqbudqousisjgc7j7yd.onion/ | Down |
|
||
| https://0mega.cc/ | Up |
|
||
| https://0mega.ws/ | Down |
|
||
| http://kbavsfyafrpsostfrkg2w2f7ttf55sz3pfqmoza3o2t3mhrdalvdu7yd.onion | Down |
Activity (interactive) 7
Posts7
| Date | Title | Description | Screen |
|---|---|---|---|
| Four Hands LLC | Manufacturing and distributing home furnishing products, retail, design |
|
|
| Rotorcraft Leasing Company | Helicopter support, pilot training, fueling service, maintenance |
|
|
| US Liner Company & American Made LLC | Industrial engineering, manufacturing, advanced materials, thermoplastic composite solutions |
|
|
| Aviacode (GeBBS) | Medical coding, outsourced coding, auditing & consulting |
.png)
|
|
| Aviacode | Medical coding, outsourced coding, auditing & consulting | ||
| Nextlabs | Business services, security software & IT services, risk management software |
|
|
| Maxey Moverley | Electronics repair & refurbishment, technical service, CCTV |
|