Tengu is a ransomware-as-a-service (RaaS) operation first observed in October 2025. It follows a double-extortion model and uses Living Off The Land Binaries (LOLBins) to blend malicious activity with normal admin traffic. It primarily targets the consumer goods, real estate, automotive, healthcare, and IT sectors.
Defensive detection signature for this group (use it in your EDR/SIEM). Source: ransomware.live.
```yara
/*
    tengu ransomware
*/
rule tengu_Ransomnote
{
    meta:
        author = "ransomware.live"
        family = "ransomware.tengu"
        description = "Detects tengu ransomware ransom note or artifact"
        date = "2026-05-04"
        severity = 7
        score = 70
    strings:
        $name1 = "tengu" ascii nocase
        $name2 = "TENGU" ascii
        $onion = "tengu.onion" ascii nocase
    condition:
        any of them
}
```
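A tighter variant, as an added example that is not part of ransomware.live's rule: the signature above fires on any file containing the string "tengu", so this one requires the group's branding plus two phrases from the ransom note as reproduced on this page. The rule name is hypothetical, and the phrases are copied from the page's note text, which may differ from the note as dropped on disk, so check them against a real sample before deploying.

```yara
rule tengu_ransomnote_phrases_example
{
    meta:
        description = "Added example: Tengu branding plus at least two ransom-note phrases"
        source_of_strings = "Note text as reproduced on this page (assumption: matches the on-disk note)"
    strings:
        // Branding that appears in the note header and body
        $brand_banner  = "TENGU Locker" ascii wide
        $brand_product = "TENGU DECRYPTOR" ascii wide

        // Note phrases, chosen to avoid apostrophes, which may be
        // straight or typographic depending on how the note was written
        $phrase1 = "hacked your network and copied your data" ascii wide nocase
        $phrase2 = "most powerful ransomware" ascii wide nocase
        $phrase3 = "request a decryption test" ascii wide nocase
        $phrase4 = "We will only speak with authorized individuals" ascii wide nocase
    condition:
        // Ransom notes are small text files; the size bound keeps the
        // rule from scanning large binaries and documents
        filesize < 100KB and
        any of ($brand_*) and
        2 of ($phrase*)
}
```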
```text
TENGU Locker

████████╗███████╗███╗░░██╗░██████╗░██╗░░░██╗
╚══██╔══╝██╔════╝████╗░██║██╔════╝░██║░░░██║
░░░██║░░░█████╗░░██╔██╗██║██║░░██╗░██║░░░██║
░░░██║░░░██╔══╝░░██║╚████║██║░░╚██╗██║░░░██║
░░░██║░░░███████╗██║░╚███║╚██████╔╝╚██████╔╝
░░░╚═╝░░░╚══════╝╚═╝░░╚══╝░╚═════╝░░╚═════╝░

Blog: [redacted]

We've hacked your network and copied your data.
We've hacked your entire network and searched all your data. We've copied all your confidential data and uploaded it to a private storage device. You run a high-value business, and your data is critical.

We've encrypted your files.
As you're reading this message, your files and data have been encrypted by the world's most powerful ransomware. Your files have been encrypted with a new military-grade encryption algorithm, and you can't decrypt them. But don't worry, we can decrypt your files. There's only one way to recover your computers and servers and maintain your privacy: contact us via live chat and pay for the TENGU DECRYPTOR device and private decryption keys. The TENGU DECRYPTOR will restore your entire network in less than 5 hours.

What are the guarantees?
------------------
We can make all your important data public and send emails to your competitors. We have a dedicated Open Network Intelligence (OSINT) team and a media team specializing in data leaks across [redacted] Facebook, Twitter, and major news sites. You can easily reach us. You could face major problems with serious consequences, including the loss of valuable intellectual property and other sensitive information, increased incident response costs, misuse of information, loss of customer trust, damage to your brand and reputation, and legal and regulatory issues. After paying the costs of a data breach and decryption, we guarantee that your data will never be leaked, and we remain completely silent to protect our reputation.

Be careful!
------------------
We will only speak with authorized individuals. This could be your CEO, senior management, or others. If you're not one of these people, don't contact us! Your decisions and actions could seriously damage your company! Inform your superiors and stay calm! If you don't hear from us within 48 hours, we'll start posting your status on our official blog, and everyone will start noticing!

Your Next Steps
└─ Contact us via live chat to start the process and request a decryption test.
1) Download Tor Browser: [redacted]
2) Chat: [redacted]
3) Use this code— id —to log in to the chat
```
Affiliated with the Government of Mexico City, it provides information and services related to the Local Commission for Labor Conciliation and Arbitration (Junta Local de Conciliación y Arbitraje) in Mexico City (Ciudad de México).
Disuelas Jc Sas has its principal place of business at CALLE 26 SUR 29 49 in the city of BOGOTA, BOGOTA. The telephone number of Disuelas Jc Sas is 6016296011. The company was incorporated as a SOCIEDAD POR ACCIONES SIMPLIFICADA (simplified joint-stock company) and is engaged in the manufacture of footwear parts.
| Organization | Country | Sector | Group | Discovered |
|---|---|---|---|---|
| Junta Local de Conciliación y Arbitraje | MX | Public Sector | — | 10 Feb 2026 |
| Disuelas JC SAS | CO | Manufacturing | — | 26 Jan 2026 |
| https://comercialautomotriz.com | EC | Manufacturing | — | 16 Jan 2026 |
| Grupo Roa | CO | Agriculture and Food Production | — | 16 Jan 2026 |
| baja.gob.mx | MX | Public Sector | — | 6 Jan 2026 |
| Coral Clubes - Mexico | MX | Hospitality and Tourism | — | 23 Nov 2025 |
| UniCursos, Brazil | BR | Education | — | 23 Oct 2025 |
The addresses of the leak sites (.onion) are known but are not published or linked. Only public metadata is shown.
Comercial Automotriz de los Altos S.A. de C.V. is a Mexican small/medium-sized company operating in the automotive and tire sector. It specializes in:

- The sale of tires and auto parts
- Mechanical services and maintenance
- Retail sales and spare parts for vehicles

It operates in several states, including Jalisco, Michoacán, and Aguascalientes, within the Los Altos region of Mexico.
Grupo ROA is a Mexican group of companies operating in the construction and infrastructure sector, founded on March 30, 1995 with the aim of meeting the challenges of large construction projects in the southeastern region of Mexico.
This is the official website of the Baja California State Government in Mexico — an important government site used to provide e-services, official information, procedures for citizens, news, and local government programs.
Coral Clubes - Mexico: The Fimex Group offers a collection of luxury leisure and sports clubs, with a special focus on golf clubs and integrated resorts. Founded as a specialist in the leisure and sports sector, the group is dedicated to providing exceptional experiences for its members through world-class facilities. The group is committed to the highest standards of quality, service, and customer satisfaction.