DFIR Report – The Gentlemen & SystemBC: A Sneak Peek Behind the Proxy
ID: 78a84eeb-34aa-55cf-8fb7-d8c4ae09a6f5
STIX ID: report--78a84eeb-34aa-55cf-8fb7-d8c4ae09a6f5
Feed Name: Check Point Research
**Executive summary:** The report analyzes "The Gentlemen" RaaS, an active, multi-platform ransomware affiliate ecosystem (Windows/Linux/ESXi) that has publicly claimed ~320 victims and is associated with SystemBC and a botnet of >1,570 infected hosts. It includes a DFIR timeline, detailed TTPs (credential theft, PsExec/WMI/Group Policy mass deployment, Defender/firewall disabling), a full technical breakdown of encryption and persistence, extensive IOCs, and a YARA rule for detection.
