Ransomware Abuses SYSTEM Task to Encrypt Drives with Elevated Privileges
ID: 73e6cc4b-880e-5acb-9bf3-78e40fca4498
STIX ID: report--73e6cc4b-880e-5acb-9bf3-78e40fca4498
Feed Name: GBHackers
This report analyzes 'The Gentlemen' ransomware, a rapidly adopted RaaS strain that runs its encryptor from SYSTEM-level scheduled tasks, performing per-file encryption with Curve25519 key exchange and XChaCha20, disabling defenses (Microsoft Defender, volume shadow copies, event logs), and propagating aggressively across networks via PsExec, WMI, scheduled tasks, services, and PowerShell remoting, combined with double extortion. It includes IOCs (SHA-256 hashes) and recommends prioritizing detection of scheduled task abuse, privilege escalation, and unusual lateral movement.
