How The Gentlemen Ransomware Spreads and Encrypts Entire Networks
By
[email protected] (Umut Bayram)
2d agoen
Source
picussecurity.comHow The Gentlemen Ransomware Spreads and Encrypts Entire Networkspicussecurity.comKey Takeaways The Gentlemen ransomware is a RaaS threat written in Go , obfuscated with Garble , and active since mid-2025 . It targets education, transportation, healthcare, and financial sectors across five continents. The ransomware encrypts files using a hybrid Curve25519 and XChaCha20 scheme with unique per-file ephemeral keys. Its self-propagation module attempts up to 21 remote execution techniques per target host on the network. The Picus Platform simulates Gentlemen Ransomware attacks across both network infiltration and email infiltration attack modules. The Gentlemen ransomware is a ransomware-as-a-service (RaaS) threat, written in Go and obfuscated with Garble, that first emerged around mid-2025 and primarily targets organizations in the education, transportation, healthcare, and financial sectors across North America, South America, Europe, Africa, and Asia.
You might also wanna read
New 'The Gentlemen' Ransomware Uses SYSTEM Scheduled Tasks to Encrypt Drives with Elevated Privileges
A newly analyzed ransomware strain called The Gentlemen, built in Go and obfuscated with Garble, is raising alarms in cybersecurity. It comb
cybersecuritynews.com·1mo ago
Global Expansion of Gentlemen Ransomware Threats
Cyber Web Spider Blog·18h ago
Investigating the Identity Behind the Ransomware Group 'The Gentlemen'
A cybercrime group called The Gentlemen has become the second most active ransomware gang by victim count, using an aggressive recruitment s
krebsonsecurity.com·26d ago
LockBit's Automated Ransomware Processes Present Unique Challenges
Packetlabs·4y ago
Ransomware Groups Increasing Zero-Day Exploit-Based Access Methods
Packetlabs·3y ago

Mercado Libre: Mercado Libre hit by ransomware attack
Rankiteo·14h ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.