A new criminal operation called 0mega has appeared: it uses ransomware with the double extortion technique and runs a website where it exposes victims who do not pay the ransom. Here is an initial analysis of what we know and the possible origins.
Researchers have not yet been able to obtain a sample of the ransomware, so its technical details have not been analyzed through reverse engineering. But according to reports from the first victims of this new cyber gang, encrypted files on the computer are given the extension .0mega, and a file containing the ransom note is added to each folder that holds these files.
The ransom note file is named DECRYPT-FILES.txt.
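A triage sketch for the file artifacts described above, added here as an example and not taken from the original article or from any vendor tool: it walks a directory tree and grades each folder by whether it holds .0mega files, a DECRYPT-FILES.txt note, or both. The grading labels, the case-insensitive matching and the sample folder names are assumptions of this example.

```python
import os
import tempfile

ENCRYPTED_EXT = ".0mega"           # extension reported by victims (from the article)
RANSOM_NOTE = "DECRYPT-FILES.txt"  # ransom note file name (from the article)

def scan_tree(root):
    """Walk root and return {directory: {"encrypted": [...], "note": bool}}
    for every directory that holds at least one of the two indicators."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root, followlinks=False):
        # Assumption: match case-insensitively, since file systems differ.
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        note = any(f.lower() == RANSOM_NOTE.lower() for f in files)
        if encrypted or note:
            hits[dirpath] = {"encrypted": encrypted, "note": note}
    return hits

def classify(hit):
    """Grade one directory (labels are this example's own):
    both indicators together are a stronger signal than either alone."""
    if hit["encrypted"] and hit["note"]:
        return "high"
    return "medium" if hit["encrypted"] else "low"

def build_sample_tree(root):
    """Constructed sample data: empty placeholder files only."""
    layout = {
        "finance": ["q1.xlsx.0mega", "q2.xlsx.0mega", RANSOM_NOTE],
        "hr": ["policy.docx.0mega"],   # renamed files, no note
        "tools": [RANSOM_NOTE],        # note only
        "clean": ["readme.md"],        # no indicators
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    """Scan the constructed tree and return {folder name: grade}."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return {os.path.basename(d): classify(h) for d, h in scan_tree(root).items()}

if __name__ == "__main__":
    for folder, grade in sorted(demo().items()):
        print(f"{grade:6} {folder}")
```

On a real host, pass the share or volume root to scan_tree and review the "high" folders first to scope the affected data.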
Presumably, this new ransomware will also exploit the weaknesses of the human factor, which is present almost everywhere in businesses and workplaces in general, to gain its first entry into targeted computers through phishing e-mail. It is not known for sure, but it is very likely that the malicious payload will be spread precisely through targeted phishing campaigns.
It is therefore important to always keep your eyes open and invest in the security awareness of corporate users: not only employees but also suppliers and customers outside the corporate perimeter.