
Ransom Notes: [rand2].README.txt


████████╗███████╗███╗░░██╗░██████╗░██╗░░░██╗
╚══██╔══╝██╔════╝████╗░██║██╔════╝░██║░░░██║
░░░██║░░░█████╗░░██╔██╗██║██║░░██╗░██║░░░██║
░░░██║░░░██╔══╝░░██║╚████║██║░░╚██╗██║░░░██║
░░░██║░░░███████╗██║░╚███║╚██████╔╝╚██████╔╝
░░░╚═╝░░░╚══════╝╚═╝░░╚══╝░╚═════╝░░╚═════╝░

TENGU Locker

Blog: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/

http://longejh5gj5igfinj36rmqt2ydx2vun6zmditi3ij6hebawnn4xucqad.onion/
http://longf6faa6tiudn5n6ar77z5balign2cxo2tjfsxuf6wnlzjamqew2yd.onion/
http://longhbqhzlv3p7tvx3iwhfizkmtkm2nhnlbw5d4qr65wjz5e6aa23mid.onion/
http://longjr5sl6a57ajn52nysmvgobmb7lktjthssmt2jeyjagk3rw36djyd.onion/

We have breached your network and copied your data.

We have copied all your confidential data and uploaded it to a private storage device.

You run a high-value company, and your data is critical.

We have encrypted your files.

As you read this message, your network, or at least a device within your network, will have been encrypted by the world's most powerful ransomware.

Your files have been encrypted using a new military-grade encryption algorithm, and you cannot decrypt them.

But don't worry, we can decrypt your files.

There is only one way to recover your computers and servers and maintain your privacy: contact us via live chat and pay for the unlocker software and private decryption keys.

The unlocker will fully restore your network in less than 5 hours. What are the guarantees?

-----------------

We can publish all your important data and send emails to your competitors.

We have a dedicated Open Network Intelligence (OSINT) team and a media team specializing in data leaks across Telegram, Facebook, Twitter, and major news sites.

You could face significant problems with serious consequences, including:

- Loss of valuable intellectual property
- Increased incident response costs
- Misuse of information
- Loss of customer trust
- Damage to your brand and reputation
- Legal and regulatory issues

After you pay the costs of the data breach and decryption, we guarantee that we will not attack you again and will permanently delete your data from our servers.

------------------

We will only communicate with authorized individuals. This could be your CEO, senior management, or others.

If you are not one of these people, do not contact us!

Inform your superiors and remain calm! If we do not receive a response from you within 48 hours, we will begin publishing your data on our official blog.

Your next steps:

1) Download the Tor Browser: https://www.torproject.org/download/

2) Visit the chat: http://longcc4fqrfcqt5lzceutylaxir6h66fp6df3oin6mvwvz6pfdbxc6qd.onion/chat/[snip]/

3) Use this ID to log in: [snip]

4) Supp: A458DAEFD26B207A65C2D0164B354DA25F7A77D7E52D1B16E577F3A143D8EC7C272B58F72FDD

Do not attempt to decrypt the files yourself - you may cause permanent data loss!

Indicators of Compromise