0mega ransomware group executes double extortion tactics

July 14, 2022

A newly discovered threat group called 0mega ransomware has been spotted by researchers targeting organisations worldwide. The operators of this new malicious entity are deploying double extortion strategies that demand millions of dollars as ransom.

According to the researchers, the 0mega ransomware operation started last May and claimed it had already infected several victims before it was discovered. The 0mega operators maintain a dedicated data leak website that they use to display stolen data if a target does not pay the demanded ransom.

Researchers indicated that the data leak site currently holds more than 150GB of stolen data from an electronics repair company. That attack, which occurred last May, was previously unidentified. However, another separate victim has been deleted, meaning that the company has yet to pay the ransom asked by the 0mega ransomware group.

 

The 0mega ransomware operation heavily relies on file extensions to encrypt their targeted data.

 

A separate researcher analysed the group and discovered that the operators append the [.]0mega extension to encrypted file names. The threat actors also create a ransom note, a text file named DECRYPT-FILES[.]txt, which is left on the targeted device after the 0mega operators encrypt all files.

The ransom note includes a link to a Tor payment negotiation site with a support chat for contacting the ransomware operators. Victims are instructed to upload their ransom note, which carries a unique Base64-encoded identity blob, to log in to the negotiation site and contact the threat actors.
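For responders scoping an incident, the two file-system artefacts described above can be swept for directly. The following is an added example, not code from the researchers or from this article; the function names are hypothetical, the sample note is constructed, and treating the identity blob as one unbroken Base64 run of 64 or more characters is an assumption about the note's layout.

```python
import base64, binascii, os, re, tempfile

ENC_EXT = ".0mega"               # extension reported in the article
NOTE_NAME = "DECRYPT-FILES.txt"  # ransom note name reported in the article
# Assumption: the ID is one Base64 run, longer than a 56-character v3 onion host.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")
ONION = re.compile(r"\b[a-z2-7]{16,56}\.onion\b")

def note_markers(text):
    """Report whether a note carries a Tor host and a decodable Base64 blob."""
    onion = bool(ONION.search(text))
    for run in B64_RUN.findall(text):
        try:
            base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
            return {"onion": onion, "b64_blob": True}
        except (binascii.Error, ValueError):
            continue  # not valid Base64 after padding, try the next run
    return {"onion": onion, "b64_blob": False}

def triage(root):
    """Walk root and group .0mega files and parsed ransom notes by directory."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        enc = sorted(f for f in files if f.lower().endswith(ENC_EXT))
        name = next((f for f in files if f.lower() == NOTE_NAME.lower()), None)
        note = None
        if name:
            with open(os.path.join(dirpath, name), errors="replace") as fh:
                note = note_markers(fh.read(65536))  # notes are small; cap the read
        if enc or note is not None:
            hits[os.path.relpath(dirpath, root)] = {"encrypted": enc, "note": note}
    return hits

def demo():
    """Build a constructed directory tree and run the triage over it."""
    blob = base64.b64encode(b"constructed-victim-id-" * 3).decode()
    text = f"Contact: http://{'example' * 8}.onion/\nID: {blob}\n"  # constructed
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "share"))
        for name in ("q3.xlsx.0mega", "plan.docx.0mega", "readme.md"):
            open(os.path.join(root, "share", name), "wb").close()
        with open(os.path.join(root, "share", NOTE_NAME), "w") as fh:
            fh.write(text)
        return triage(root)

if __name__ == "__main__":
    print(demo())
```

A directory that holds the note but no renamed files, or the reverse, is still worth reporting, since it can mark where encryption started or was interrupted.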

Unfortunately, researchers are unsure how the ransomware encrypts files since the 0mega operation is relatively new. However, security experts could give additional information regarding its attacks based on its data leak website.

0mega is the latest ransomware threat on the cybercriminal landscape, and more attacks from them are expected by security experts soon. Therefore, organisations should always protect their essential data with competent encryption mechanisms. Furthermore, experts advise these organisations to employ a threat intelligence service to stay updated regarding the latest trends among the underground ecosystems.
