Weex
The Gentlemen Ransomware Group Expands Operations with New Tools
Kaspersky's research reveals that The Gentlemen ransomware group, active since mid-2025, is expanding its operations with new custom-built malware tools. The group targets various industries, including healthcare and finance, and gains initial access primarily by exploiting internet-facing services and using compromised credentials. Its tactics include deploying a sophisticated backdoor for reconnaissance before the ransomware is executed. The group has also developed a new ransomware variant focused on Windows systems, suggesting ongoing refinement of its capabilities. Kaspersky reported that The Gentlemen attempted to disable their security solutions during attacks, although these efforts were thwarted. The evolving nature of this group poses a significant threat to organizations globally, with expectations of increased attacks in the near future.
Key Points:
• The Gentlemen ransomware group has evolved with new custom-built malware tools.
• They primarily exploit internet-facing services and compromised credentials for initial access.
• The group is expanding its operations across multiple industries, indicating a growing threat.