0mega
0mega is a double-extortion ransomware group that emerged in May 2022, targeting businesses across multiple sectors worldwide by encrypting files and threatening to leak stolen data; it also pivoted to cloud-based extortion by compromising Microsoft 365 admin accounts.
Victims
7
First Discovered
2022-07-14
victim
Last Discovered
2024-01-25
victim
Inactive Since
2yrs
more than
Avg Delay
N/A
attack→claim
Infostealer
75.0%
victims with domain
Countries
1
hit
Known Locations (2)
| Favicon | Title | Type | Available | Last Visit | Server Info | FQDN | |
|---|---|---|---|---|---|---|---|
|
0mega | Blog | No | 2026-04-28T07:22:20 |
omegalock5zxwbhswbisc42o2q2i54vdulyvtqqbudqousisjgc7j7yd.onion
|
|||
|
Yes | 2026-05-14T14:44:32 | Apache |
0mega.cc
|
Target
Top 5 Activity Sectors
- Business Services 3
- Healthcare 2
- Transportation/Logistics 1
- Manufacturing 1
Top 5 Countries
-
United States
2
Heatmap
TTPs Matrix (6)
| Initial Access | Privilege Escalation | Defense Evasion | Collection | Exfiltration | Impact |
|---|---|---|---|---|---|
| Valid Accounts | Create Account: Cloud Account | Account Access Removal | Automated Collection | Exfiltration Over C2 Channel | Data Encrypted for Impact |
| Inhibit System Recovery |
YARA Rules (1)
Victims (7)
Industrial engineering, manufacturing, advanced materials, thermoplastic composite solutions…
