The Gentlemen Ransomware Group Expands With New Lockers and Custom Tools
ID: c5b2a3e5-64ea-58ef-b4a1-82d5d5070de0
STIX ID: report--c5b2a3e5-64ea-58ef-b4a1-82d5d5070de0
Feed Name: securityonline.info
The Gentlemen is a rapidly scaling ransomware-as-a-service operation active in 2026 that uses exposed edge devices, stolen credentials, vulnerable-driver attacks, and network spreading (GPO, NETLOGON, PsExec). Kaspersky and other vendors observed a Go-based backdoor and a C-based locker, sophisticated sandbox-evasion and file-encryption methods, and a data-leak extortion model impacting hundreds of large organizations across multiple industries and countries; defenders are advised to patch remote access, enforce MFA, monitor for reconnaissance and vulnerable-driver loads, and maintain offline backups.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
