Back

Gentlemen RaaS Targets Windows, Linux, and ESXi with New C Locker

Severity: High (Score: 66.5)

Sources: Cybersecuritynews, Gbhackers

Summary

The Gentlemen ransomware-as-a-service (RaaS) operation has emerged as a significant threat to corporate networks, targeting multiple platforms including Windows, Linux, NAS, BSD, and VMware ESXi. This group has rapidly expanded since its inception around mid-2025, claiming over 320 victims, with more than 240 attacks reported in early 2026 alone. The ransomware is designed with strong defense-evasion capabilities, making it particularly dangerous for organizations. The new locker, written in C, is specifically aimed at hypervisor environments, enhancing its impact. The Gentlemen RaaS has built a well-organized affiliate ecosystem, contributing to its swift growth and increasing threat level. As of now, the operation continues to pose a high risk to various sectors worldwide. Key Points: • Gentlemen RaaS targets Windows, Linux, NAS, BSD, and ESXi systems. • Over 320 victims reported, with more than 240 attacks in early 2026. • The ransomware features strong defense-evasion capabilities and is written in C.

Key Entities

  • Ransomware (attack_type)
  • T1486 - Data Encrypted for Impact (mitre_attack)
  • BSD (platform)
  • ESXi (platform)
  • Linux (platform)
  • NAS (platform)
  • VMware ESXi (platform)
  • Gentlemen RaaS (ransomware_group)
  • The Gentlemen (ransomware_group)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed