0Mega
Parsing : Enabled
Description
0mega is a ransomware group first observed in May 2022, operating with a double extortion model:
* Encrypting victim files (adding the .0mega extension)
* Threatening to leak stolen data if ransom demands are not met.
Ransom notes are named DECRYPT-FILES.txt and include victim-specific details and a Tor-based negotiation portal.
Unlike typical Ransomware-as-a-Service (RaaS) operations, 0mega appears to work as a closed group, selecting a limited number of high-value targets.
The group employs two main tactics:
* Traditional ransomware encryption of on-premise systems.
* Cloud-based extortion, compromising Microsoft 365 Global Admin accounts, creating unauthorized admin users, and exfiltrating data via SharePoint.
Active period: May 2022 – January 2024
| Urls |
Screen |
| http://omegalock5zxwbhswbisc42o2q2i54vdulyvtqqbudqousisjgc7j7yd.onion/ |
Screen |
| https://0mega.cc/ |
Screen |
| https://0mega.ws/ |
Screen |
| http://kbavsfyafrpsostfrkg2w2f7ttf55sz3pfqmoza3o2t3mhrdalvdu7yd.onion |
|
Posts
| Date |
Title |
Description |
Screen |
| 2024-01-25 |
Four Hands LLC |
Manufacturing and distributing home furnishing products, retail, design |
Screen |
| 2023-10-18 |
Rotorcraft Leasing Company |
Helicopter support, pilot training, fueling service, maintenance |
Screen |
| 2023-10-04 |
US Liner Company & American Made LLC |
Industrial engineering, manufacturing, advanced materials, thermoplastic composite solutions |
Screen |
| 2023-02-12 |
Aviacode (GeBBS) |
Medical coding, outsourced coding, auditing & consulting |
Screen |
| 2023-01-09 |
Aviacode |
Medical coding, outsourced coding, auditing & consulting |
|
| 2022-09-15 |
Nextlabs |
Business services, security software & IT services, risk management software |
Screen |
| 2022-08-18 |
Maxey Moverley |
Electronics repair & refurbishment, technical service, CCTV |
Screen |