The Gentlemen Ransomware Group Expands Operations with New Tools

First seen 1 Jul 2026, 08:03 UTC. Source: Kaspersky

Kaspersky's research reveals that The Gentlemen ransomware group, active since mid-2025, is expanding its operations with new custom-built malware tools. The group targets various industries, including healthcare and finance, and gains initial access primarily by exploiting internet-facing services and using compromised credentials. Its tactics include deploying a backdoor for reconnaissance before executing the ransomware, which indicates a high level of sophistication. The group has also developed a new ransomware variant focused on Windows systems, suggesting ongoing refinement of its capabilities. Kaspersky reported that The Gentlemen attempted to disable Kaspersky security solutions during attacks, although these efforts were thwarted. The evolving nature of this group poses a significant threat to organizations globally, and more attacks are expected in the near future.

Key Points:
• The Gentlemen ransomware group has evolved with new custom-built malware tools.
• They primarily exploit internet-facing services and compromised credentials for initial access.
• The group is expanding its operations across multiple industries, indicating a growing threat.

ThreatCluster AI

Timeline

2025-06-01
The Gentlemen ransomware group emerges
The group is believed to have started operations around mid-2025, targeting various industries.
Kaspersky
2026-06-29
Kaspersky reports on The Gentlemen's new tactics
Kaspersky's GReAT team identified new custom tools used by The Gentlemen, including a backdoor and a new ransomware variant.
Kaspersky
Recent
The Gentlemen attempt to disable Kaspersky products
The group tried to remove Kaspersky security solutions during their attacks, but their efforts were blocked.
Kaspersky
