0mega
ACTIVE ransomware group
0mega is a ransomware group first observed in May 2022, operating with a double extortion model:
* Encrypting victim files (adding the .0mega extension)
* Threatening to leak stolen data if ransom demands are not met.
Ransom notes are named DECRYPT-FILES.txt and include victim-specific details and a Tor-based negotiation portal.
Unlike typical Ransomware-as-a-Service (RaaS) operations, 0mega appears to work as a closed group, selecting a limited number of high-value targets.
The group employs two main tactics:
* Traditional ransomware encryption of on-premise systems.
* Cloud-based extortion, compromising Microsoft 365 Global Admin accounts, creating unauthorized admin users, and exfiltrating data via SharePoint.
Active period: May 2022 - January 2024
Group Activity
Last 12 months
Victims (7)
Four Hands LLC
Manufacturing and distributing home furnishing products, retail, design
Rotorcraft Leasing Company
Helicopter support, pilot training, fueling service, maintenance
US Liner Company & American Made LLC
Industrial engineering, manufacturing, advanced materials, thermoplastic composite solutions
Aviacode (GeBBS)
Medical coding, outsourced coding, auditing & consulting
Aviacode
Medical coding, outsourced coding, auditing & consulting
Nextlabs
Business services, security software & IT services, risk management software
Maxey Moverley
Electronics repair & refurbishment, technical service, CCTV
Infrastructure
https://0mega.cc/ 13039ms
2d ago
parked
http://0mega.cc 2554ms
8d ago