"0mega Ransomware Gang Changes Tactics"

Some ransomware groups have abandoned deploying malware to encrypt targets' files in favor of the data theft/extortion approach. Among them appears to be 0mega, a low-profile and seemingly low-active threat actor. 0mega is a newcomer to the ransomware/extortion business. Evidence of the gang's operations was initially discovered about a year ago, when one victim, a UK-based electronics repair and refurbishment company, refused to pay the demanded ransom, and the group leaked the company's data on its dedicated leak site. The group used ransomware that added the ".0mega" extension to encrypted files, but no sample of the malware has been discovered yet. Since then, the stolen data of two more victims has been exposed. However, the fact that the leak site only reveals a few victims does not mean that there are not many more. Data from one victim organization was disclosed and then removed. This article continues to discuss findings and observations regarding the 0mega ransomware operation.

Help Net Security reports "0MEGA Ransomware Gang Changes Tactics"