New Ransomware Victims Revealed: Tengu Strikes Shorama, Qilin Targets ABAR SpA

In a recent report by the ThreatMon Threat Intelligence Team, two new ransomware attacks have been detected, further raising alarms about the growing threats in the digital landscape. The first attack comes from the notorious “Tengu” ransomware group, which has now added the Moroccan website shora.ma to its growing list of victims. The second attack involves the Qilin ransomware group, which has claimed responsibility for an attack on the Italian company ABAR S.p.A. These incidents highlight the ongoing prevalence of cybercrime activities targeting both large corporations and smaller, regional entities.

According to information obtained from Dark Web ransomware activity data, both groups have demonstrated advanced tactics, using sophisticated methods to breach systems and hold sensitive data for ransom. The ThreatMon platform has been instrumental in identifying these new victims, tracking the actors, and providing vital Intelligence to understand and counter the threats posed by these malicious groups.

What Undercode Says: The Rise of Sophisticated Ransomware Actors

The Tengu and Qilin ransomware groups are two examples of a growing trend in the cybersecurity world—targeting a broad spectrum of organizations, from smaller sites to multinational corporations. While these attacks are not isolated incidents, the increase in sophistication and variety in ransomware tactics raises new concerns. Attackers now go beyond simply encrypting files. They focus on stealing intellectual property, compromising sensitive data, and threatening to leak this information unless demands are met. This strategy of double extortion has proven effective in compelling organizations to pay ransoms, and the Tengu and Qilin groups have adopted this model with apparent success.

Both groups are active in the Dark Web, which has become a hub for selling access to stolen data, malicious services, and even ransomware as a service (RaaS). The access to these tools has made it easier for less technically skilled actors to launch large-scale ransomware campaigns. With this increasing accessibility, more organizations must rethink their security protocols and adopt proactive measures such as frequent backups, network segmentation, and real-time threat monitoring.

It’s important to note that while the companies impacted by these attacks—like shora.ma and ABAR S.p.A.—may seem like smaller or regional targets, they represent an increasingly popular class of victims for cybercriminals. Attackers often focus on companies that may lack the resources to effectively defend against sophisticated cyber threats. This highlights a critical gap in cybersecurity practices where many organizations, especially in emerging markets, are not adequately prepared for modern-day cybercrime.

As ransomware attacks continue to evolve, it’s clear that no one is safe. Whether small local companies or larger international corporations, all are at risk. The key takeaway from this is the increasing vulnerability of digital infrastructures and the pressing need for heightened cybersecurity awareness and preparedness.

🔍 Fact Checker Results

✅ The data provided by ThreatMon appears accurate, based on their ongoing monitoring of ransomware activity on the Dark Web.

✅ Tengu and Qilin are known ransomware groups, with a history of attacks on both regional and global targets.

✅ Both incidents align with the broader trend of ransomware attacks targeting diverse organizations and using double extortion tactics.

📊 Prediction

Given the increasing accessibility of ransomware tools on the Dark Web and the growing number of targets, we can expect the frequency of these attacks to rise. With the increasing sophistication of ransomware groups, it is likely that more companies, particularly smaller ones, will be added to the growing list of victims in the coming months.