The Omega ransomware group, having been somewhat dormant lately, has just struck again with an attack on Four Hands LLC – a furniture company based in Austin, Texas.
Given the volume of data stolen, the company has suffered a massive compromise of its cybersecurity, with the data of hundreds of stakeholders ending up in the wrong hands.
So far, this is what we know about the ransomware attack from Omega group:
The Date of the Attack, What They Stole, and Who Is at Risk
News of the attack reached the public in late January from Omega’s own blog page. On the page, viewers can see the group's past victims, what percentage of each victim's data has been leaked thus far, what the business does, the size of the breach, and when the entry was last updated.
Alongside this, visitors can also open the download links for all of these breaches, which are typically hundreds of gigabytes in size – a trend that has only gotten worse with the latest attack. Pictured below is the driver license of one of the victims, which was contained within the company's confidential data published by Omega:
The driver license of Four Hands’ employees was compromised in the attack, along with many other things.
Given that about 1.5 TB of data was stolen, it’s clear that nearly everything contained on the firm’s cloud storage was accessed and stolen in the ransomware attack. This includes licenses, like the one pictured above, but also confidential financial data, employee salary records, non-disclosure agreements, and more.
With that in mind, the people that are most at risk as a result of this ransomware attack are the employees of the company, along with external stakeholders such as customers, business partners, suppliers, and more.
Although Four Hands is not a large multi-billion-dollar enterprise, its business certainly extends to thousands of individuals, a large number of whom are likely part of the breach highlighted in this article. The picture below shows the ID card of another individual whose data was published in the attack:
Identification card of an employee from Four Hands.
Who Is 0mega?
Officially naming themselves 0mega with a ‘zero’, this is a ransomware group that follows the slow and steady philosophy. This is in contrast with other ransomware groups that often add dozens of victims to their blogs each week – 0mega has been slowly expanding its list of victims over the past two years.
One thing that is common to each of these attacks is the amount of data stolen, which has been on a consistent upward trend with each attack. Also unlike other ransomware groups, 0mega has been known not to encrypt all of the files it finds on its victims’ servers, instead opting to simply steal them and even offering advice on preventing the same from happening in the future.
Who Should Be Concerned About This Attack?
Apart from the people at the company who are obviously affected, this is a clear statement by the ransomware group to businesses that do not invest proportionally in their cybersecurity systems.
That underinvestment leads to gaps and vulnerabilities in the system which can be easily exploited by malicious actors such as 0mega. Accordingly, businesses that have not been keeping their security systems up to date, have not been following the best practices for cybersecurity, and have been leaving their data vulnerable are the ones who need to be the most worried right now.