Tengu Ransomware emerged as a disciplined RaaS group, using double extortion, custom tools, and Tor-based leak sites to hit about 50 victims before rebranding as Shisa in March 2026. #TenguRansomware #ShisaRansomware #RansomwareAsAService
www.hendryadrian.com
Tengu Ransomware emerged as a disciplined RaaS operation that used double extortion, custom tooling, and affiliate management to claim about 50 victims before rebranding as Shisa Ransomware in March 2026. Its activity spanned multiple regions and relied on Tor-based leak infrastructure, intermittent encryption, and tools such as StealTENGU, StealTG, and NetExec to steal data, disable defenses, and pressure victims to pay. #TenguRansomware #ShisaRansomware #StealTENGU #StealTG
