Common Information
Type | Value |
---|---|
Value | 0Mega |
Category | Tool |
Type | Ransomware |
Misp Type | Cluster |
Description | 0mega, a new ransomware operation, has been observed targeting organizations around the world. The ransomware operators are launching double-extortion attacks and demanding millions of dollars as ransom. The 0mega ransomware operation launched in May and has already claimed multiple victims. 0mega maintains a dedicated data leak site that the attackers use to post stolen data if the demanded ransom is not paid. The leak site currently hosts 152 GB of data stolen from an electronics repair firm in an attack that happened in May. However, an additional victim has since been removed, implying that they might have paid the ransom to the 0mega group. How does it work? Hackers add the .0mega extension to the encrypted files' names and create ransom notes (DECRYPT-FILES[.]txt). The ransom note has a link to a Tor payment negotiation site with a support chat to reach out to the ransomware group. To log in to this site, the victims are asked to upload their ransom notes with a unique Base64-encoded blob identity. |
Details | | Published | Attributes | CTI | Title |
---|---|---|---|---|---|
Details | Website | 2024-10-28 | 1 | | Threat Context Monthly: Executive intelligence briefing for October 2024 |
Details | Website | 2024-02-07 | 1 | | Cloudy with a chance of threats: Advice for mitigating the top cyber threats of 2024 |
Details | Website | 2023-08-02 | 10 | | State of Ransomware: 2023 Midyear Review |
Details | Website | 2023-06-12 | 91 | | Security Incident Weekly Report 2023-06-12 Week 24 |
Details | Website | 2023-06-09 | 1 | | SaaS Ransomware Attack Hit Sharepoint Online Without Using a Compromised Endpoint |
Details | Website | 2023-05-24 | 1 | | Unmasking Ransomware Using Stylometric Analysis: Shadow, 8BASE, Rancoz |