Emulating the Gentlemen Ransomware
ID: 293f289c-ea6c-5186-b181-475cfd067765
STIX ID: report--293f289c-ea6c-5186-b181-475cfd067765
Feed Name: Security Boulevard
**Executive summary:** This AttackIQ emulation details The Gentlemen ransomware (active since July 2025), its double-extortion model, cross-platform malware (Windows/Linux/ESXi), tradecraft (reconnaissance, GPO abuse, living-off-the-land), defense-evasion and encryption techniques (XChaCha20/Curve25519), example SHA256 samples, and comprehensive TTP-based scenarios to validate security controls against this threat.
