Inside GentleKiller: The EDR-Killer Powering The Gentlemen
ID: 0f91bb8b-6091-5f70-bc1b-b0923c8d2006
STIX ID: report--0f91bb8b-6091-5f70-bc1b-b0923c8d2006
Feed Name: Security Affairs
The report details The Gentlemen ransomware-as-a-service operation and its centralized EDR-killer suite, GentleKiller, which uses Bring Your Own Vulnerable Driver (BYOVD) techniques across multiple variants to rapidly disable endpoint security before ransomware deployment. It also covers affiliated third-party EDR killers, a Rust-based credential stealer (OxideHarvest), victim selection practices from leaked internal data, and operator attribution.
