The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
ID: de609aa5-d711-5d18-aa62-bb8587e50fd4
STIX ID: report--de609aa5-d711-5d18-aa62-bb8587e50fd4
Feed Name: The Hacker News
ESET and other researchers detail the activity of The Gentlemen ransomware RaaS, which centralizes and distributes an EDR-killer suite called GentleKiller (alongside third-party BYOVD tools) to affiliates so they can disable endpoint defenses before encryption. The report documents exploitation of multiple vulnerable drivers and of vendor-signed UEFI binaries (enabling Secure Boot bypass), a Rust-based credential stealer (OxideHarvest), the group's rapid operationalization of proof-of-concept BYOVD exploits, and an estimated 504 victims across multiple regions. Taken together, this is a high-risk, actively exploited criminal capability.
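The summary above describes the affiliate playbook (load a vulnerable signed driver, then kill security-product processes, then encrypt) but the feed entry names no drivers, hashes or process names. The following is an added detection example, not code from the ESET report or the article: it correlates Sysmon-style driver-load events (ID 6) with subsequent process-terminate events (ID 5) to surface the BYOVD-then-EDR-kill pattern. The vulnerable-driver hashes, the EDR process names and the sample telemetry are all constructed placeholders; in practice the hash list would be pulled from the LOLDrivers project and the process names from your own estate.

```python
"""Correlate Sysmon driver-load (ID 6) and process-terminate (ID 5) events
to flag a suspicious driver load followed by EDR process terminations.
Added example; not from the ESET report or the article, which name
neither drivers nor hashes. All hashes, names and events are constructed."""
from datetime import datetime, timedelta

# Constructed placeholder hashes; in production load SHA256s from the
# LOLDrivers project (loldrivers.io) instead of hard-coding them.
KNOWN_VULNERABLE_DRIVER_SHA256 = {
    "11" * 32: "placeholder-vulnerable-driver-a",
    "22" * 32: "placeholder-vulnerable-driver-b",
}
# Constructed: assumed security-product process names for this estate.
EDR_PROCESS_NAMES = {"msmpeng.exe", "sensecndr.exe", "edragent.exe"}
# A kernel driver loaded from a user-writable directory is suspicious
# even when its hash is not (yet) on a known-vulnerable list.
SUSPICIOUS_DRIVER_DIRS = ("\\users\\", "\\temp\\", "\\programdata\\", "\\appdata\\")
WINDOW = timedelta(minutes=10)
MIN_KILLS = 2  # a single terminate may be a crash; several in the window is the kill pattern


def parse_hashes(field):
    """Sysmon's Hashes field looks like 'SHA256=...,MD5=...'; return {algo: hex}."""
    out = {}
    for part in field.split(","):
        if "=" in part:
            algo, val = part.split("=", 1)
            out[algo.strip().upper()] = val.strip().lower()
    return out


def _ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def suspicious_driver_reason(event):
    """Return why a driver-load event is suspicious, or None if it is not."""
    sha = parse_hashes(event.get("Hashes", "")).get("SHA256")
    if sha in KNOWN_VULNERABLE_DRIVER_SHA256:
        return "known vulnerable driver: " + KNOWN_VULNERABLE_DRIVER_SHA256[sha]
    path = event.get("ImageLoaded", "").lower()
    if any(d in path for d in SUSPICIOUS_DRIVER_DIRS):
        return "driver loaded from user-writable path"
    return None


def correlate(events):
    """Return alerts for suspicious driver loads followed, within WINDOW,
    by at least MIN_KILLS terminations of security-product processes."""
    loads = []  # [load_time, driver_image, reason, [killed process names]]
    for e in sorted(events, key=lambda x: x["UtcTime"]):
        t = _ts(e["UtcTime"])
        if e["EventID"] == 6:
            reason = suspicious_driver_reason(e)
            if reason:
                loads.append([t, e["ImageLoaded"], reason, []])
        elif e["EventID"] == 5:
            name = e["Image"].rsplit("\\", 1)[-1].lower()
            if name in EDR_PROCESS_NAMES:
                for load in loads:
                    if timedelta(0) <= t - load[0] <= WINDOW:
                        load[3].append(name)
    return [
        {"driver": img, "reason": reason, "killed": killed, "loaded_at": t.isoformat()}
        for t, img, reason, killed in loads
        if len(killed) >= MIN_KILLS
    ]


# Constructed sample telemetry (not real logs): a driver dropped into
# ProgramData is loaded, then two EDR processes die, amid benign noise.
SAMPLE_EVENTS = [
    {"EventID": 6, "UtcTime": "2025-01-10 09:00:00",
     "ImageLoaded": "C:\\Windows\\System32\\drivers\\tcpip.sys",
     "Hashes": "SHA256=" + "ab" * 32},
    {"EventID": 6, "UtcTime": "2025-01-10 09:01:00",
     "ImageLoaded": "C:\\ProgramData\\upd\\vendordrv.sys",
     "Hashes": "SHA256=" + "11" * 32},
    {"EventID": 5, "UtcTime": "2025-01-10 09:01:30",
     "Image": "C:\\Program Files\\Vendor\\edragent.exe"},
    {"EventID": 5, "UtcTime": "2025-01-10 09:01:31",
     "Image": "C:\\ProgramData\\Microsoft\\Windows Defender\\Platform\\x\\MsMpEng.exe"},
    {"EventID": 5, "UtcTime": "2025-01-10 09:02:00",
     "Image": "C:\\Windows\\System32\\notepad.exe"},
]

if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

The hash match is the high-confidence signal; the user-writable-path heuristic is there because affiliates who rapidly operationalize newly published BYOVD PoCs will often be ahead of any curated hash list. Requiring several EDR terminations inside the window keeps a lone service crash from paging anyone.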
