0mega is a new ransomware extension released in May 2022. The group uses double extortion strategies, just like LockBit and other hacker families.
The double extortion adopted by the ransomware variants, consists of not only charging a fee to recover the encrypted files, but the groups threaten to expose the victim’s data if the negotiation does not take place.
The ransomware adds a “.0mega” extension to all infected files, blocking access and stealing the data. A ransom note called “DECRYPT-FILES.txt” is also inserted on the user’s desktop .
The 0mega ransom notes are customized for each victim. Containing company name, samples of stolen data, and the link to their TOR domain. Only those who have suffered a ransomware attack have the login key to the site, as the ransom note has a Base64-encoded blob (Binary Large Object). The group also contains a site dedicated to leaking corporate data that is being encrypted.
Currently the site claims to have access to over 150 gb stolen from a single target. And last month, one of the exposed companies was removed from the ransomware list, making the idea that the ransom was held by the victim.
So far there is no information of amounts demanded by the 0mega and also the encryption algorithm has not been revealed.
Recover files encrypted by 0mega ransomware
0mega ransomware is just one of several malware families. Digital Recovery has specialized for years in recovering data encrypted by ransomware. We have developed methods to recover corrupted files on Database, Storage, NAS, DAS, SAN and any RAID level.
Because of the damage that data loss can cause, we offer services in emergency mode, providing a team of experts who will attend your event day and night without negotiating with hackers.
Our solution for dealing with ransomware is totally remote, speeding up the recovery procedures.
A company’s data and information are extremely sensitive files, and to prevent files from being leaked, we have our own confidentiality agreement (NDA).
Digital Recovery is prepared for any data loss scenario. Contact us and request a diagnosis right now.