[TENGU] – Ransomware Victim: Qatargas and Tar Company, Iran

AI Generated Summary of the Ransomware Leak Page

On October 23, 2025, the leak page associated with the Tengu ransomware group identifies Qatargas and Tar Company, Iran as a victim in the energy sector. The company is described as providing industrial gas and tar products to the petrochemical sector in Iran and regional markets. The post frames the incident as a data-leak event rather than a traditional encryption attack and notes that a claim URL is presented on the page. The page includes 21 image attachments—screenshots or scans of internal documents—intended as evidence of the breach, though the exact contents of the images are not detailed in the summary. In keeping with double-extortion patterns, the post suggests that the stolen data could be released publicly or made accessible, though no explicit ransom demand is disclosed in the summary.

According to the body excerpt, all confidential company files were stolen and personal information was made available to anyone, resulting in a flood of confidential records. The leaked materials are described as including production formulas, supplier agreements, employee files, financial audits, and customer distribution records. While the post does not publish a ransom amount, the emphasis on extensive data leakage and potential public dissemination aligns with a data-exfiltration impact rather than a complete encryption. The leak page notes a claim URL for further context, and the 21 image attachments are presented to illustrate the claim without detailing the contents of each image.