0mega
1 incidents
0 countries
0 sectors
ransomware RU Latest: 2026-06-25
0mega is a financially motivated ransomware group that first emerged in May 2022, rapidly becoming known for its aggressive double extortion tactics. Initially, the group deployed ransomware that encrypted files with a unique .0mega extension, alongside exfiltrating sensitive data. Over time, 0mega has notably evolved its operational model to sometimes forgo file encryption entirely, focusing instead on pure data theft and extortion, particularly targeting cloud-based Software-as-a-Service (SaaS) environments such as Microsoft 365 and SharePoint. This shift, observed in attacks from mid-2023, distinguishes the group from many other ransomware operations by directly compromising cloud administrator accounts for data exfiltration without endpoint compromise. The group appears to operate as a closed entity, selectively targeting high-value organizations rather than functioning as a Ransomware-as-a-Service model.
RansomLook pivots
Data, intelligence, and external references for cross-checking the actor's ransomware activity.
Target countries (SOCRadar)
Argentina
Australia
Canada
Denmark
United Kingdom
India
Liberia
Turkey
United States
Target sectors (SOCRadar)
Construction of Buildings
Food Manufacturing
Other Information Services
Software Publishers
Hospitals
Accommodation
Air Transportation
Manufacturing
Construction
Electrical Equipment, Appliance, and Component Manufacturing
New URLs detected in IntelTracker