1 minute

0mega ransomware gang changes tactics

A number of ransomware gangs have stopped using malware to encrypt targets’ files and have switched to a data theft/extortion approach to get paid; 0mega – a low-profile and seemingly not very active threat actor – seems to be among them.

About the 0mega ransomware operation

0mega (spelled with a zero) is a relative newcomer to the ransomware/extortion business.

Evidence of its activities were first spotted roughly a year ago, when one victim – a UK-based electronics repair and refurbishment company – apparently refused to pay and the gang leaked company data on its dedicated leak site.

The gang used ransomware that added the “.0mega” extension to encrypted files, but a sample of the malware hasn’t been found.

Since then, stolen data of two additional victims has been leaked.

Of course, the fact that the leak site only lists a few victims does not mean there haven’t been many others. One victim organization’s data was leaked and then removed, according to Lawrence Abrams.

Read the full article on Help Net Security.