logo

The Gentlemen Ransomware Group Expands With New Lockers and Custom Tools

ID: c5b2a3e5-64ea-58ef-b4a1-82d5d5070de0

STIX ID: report--c5b2a3e5-64ea-58ef-b4a1-82d5d5070de0

Feed Name: securityonline.info

Threat Score
80/100

Date Published: 2026-07-02

Date Updated: 2026-07-02

Author: Do Son

...
...

The Gentlemen is a rapidly scaling ransomware-as-a-service operation active in 2026 that uses exposed edge devices, stolen credentials, vulnerable-driver attacks, and network spreading (GPO, NETLOGON, PsExec). Kaspersky and other vendors observed a Go-based backdoor and a C-based locker, sophisticated sandbox-evasion and file-encryption methods, and a data-leak extortion model impacting hundreds of large organizations across multiple industries and countries; defenders are advised to patch remote access, enforce MFA, monitor for reconnaissance and vulnerable-driver loads, and maintain offline backups.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.