How would your establishment recover if all its critical data were encrypted overnight? Learn about the recent surge in The Gentlemen ransomware attacks and the steps you can take to protect your business.

What Is The Gentlemen?

"The Gentlemen" is a prominent, fast-growing Ransomware-as-a-Service (RaaS) cybercriminal group that emerged in mid-2025 and quickly became one of the most active operators globally.

They first "rented" infrastructure, negotiation platforms, and software from established, large-scale ransomware groups like LockBit, Qilin, and Medusa. After mastering these tools, they broke away to launch their own branded syndicate.

Inside The Gentlemen Ransomware Campaign

The group runs an affiliate model where a core team builds the tooling and negotiation platform, while affiliates execute the intrusions. Here's how it works.

  1. Initial Access

The attackers will first try to break into a company's network. They usually do it by logging in using stolen employee credentials or exploiting unpatched system vulnerabilities.

  1. Reconnaissance and Privilege Escalation

Once inside, the attackers secretly navigate the network to map out the system. They look for administrative accounts, which give them full control over the company's domain, and locate where critical files and backups are stored.

  1. Disabling Defenses

Before launching The Gentlemen ransomware, the attackers use custom tools (often referred to as "EDR killers") to shut down the company's antivirus and security software. This blinds the security team, preventing them from stopping the attack in progress.

  1. Data Theft and Encryption

After copying the company's most sensitive data and transferring it to their own servers, the attackers deploy the Go-based encryptor across the network. This particular malware is notable for its advanced encryption techniques, often only scrambling files just enough to render them useless while saving the threat actors time.

  1. The Extortion Demand

The attackers leave a ransom note, usually demanding payment in cryptocurrency, and use a two-pronged threat:

  • Pay to decrypt: Victims who pay receive a digital key to unlock their files.
  • Pay to prevent a leak: When a victim refuses, the attackers threaten to publish the stolen confidential data on their dark web leak site.

Building Resilience Against Ransomware Threats

The Gentlemen have attacked multiple critical infrastructure sectors and regions with self-propagating ransomware. Why wait until your business gets added to the list of 478 victims? Consider the following steps:

  • Regularly back up your data: When ransomware strikes, having access to critical files may save your business from paying a hefty ransom.
  • Patch and update systems: Outdated software is a common entry point for attackers. Keep your operating systems, applications, and firmware updated.
  • Implement robust endpoint protection: Advanced Endpoint Detection and Response (EDR) solutions can detect and block ransomware before it wreaks havoc.
  • Train your team: Ransomware often starts with a single careless click.
  • Adopt network segmentation: Isolate digital assets by segregating networks to limit the spread of ransomware.

By following these steps, you can fortify your defenses against The Gentlemen ransomware and other evolving cyber threats. Don't wait for a breach to learn the hard way and prepare now.

Used with permission from Article Aggregator