the gentlemen
Ransomware group profile
Description
The Gentlemen is a financially motivated ransomware-as-a-service group that emerged in early 2023 and gained significant prominence by 2025. They utilize a double-extortion model, encrypting data while threatening to leak sensitive information, often accelerating pressure tactics without extensive negotiations.
Key insights
- •Targets primarily sectors like healthcare, technology, and construction, avoiding Commonwealth of Independent States entities.
- •Initial access often gained through exploitation of CVE-2024-55591 in FortiOS and FortiProxy devices.
- •Employs advanced tactics including BYOVD attacks for evasion and a pre-ransomware script to disable security measures.
- •Maintains a database of compromised credentials to enhance targeting and operational effectiveness.
- •Demonstrates a preference for rapid data publication to maximize pressure on victims.
Threat Level & Status Breakdown
For the gentlemen · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for the gentlemen in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for the gentlemen
- 7e366683f1d175278feefaaa35d87e87076931974506b9f373a775a428c28f10
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for the gentlemen
T1486
T1486
T1490
T1490
T1078
T1078
T1068
T1068
T1059
T1059
T1562
T1562
T1021
T1021
T1021.001
T1021.001
T1047
T1047
T1218
T1218
T1550
T1550
T1555
T1555
Victims(200)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Au Vieux Campeur | — | — | — | Unknown | about 24 hours ago | |
| Plateau Excavation | — | — | — | Unknown | 1 day ago | |
| Bell Hardware | — | — | — | Unknown | 1 day ago | |
| CHIFENG GOLD SEPON | — | — | — | Unknown | 1 day ago | |
| Natren | — | — | — | Unknown | 1 day ago | |
| Al Dhow Group | — | — | — | Unknown | 1 day ago | |
| Beran Concrete | — | — | — | Unknown | 1 day ago | |
| BDS CZ | — | — | — | Unknown | 1 day ago | |
| Stadttheater Giessen | — | — | — | Unknown | 1 day ago | |
| Gegenbauer Elektrotechnik | — | — | — | Unknown | 1 day ago | |
| Meccanica Gn | — | — | — | Unknown | 1 day ago | |
| MBO GmbH | — | — | — | Unknown | 3 days ago | |
| CTM India Limited motherson INDIA | — | — | Other | Unknown | 3 days ago | |
| GIA Partners | — | — | — | Unknown | 3 days ago | |
| Hooke Laboratories | — | — | — | Unknown | 3 days ago | |
| Rowley Properties | — | — | — | Unknown | 3 days ago | |
| Canada Wide Media | — | — | — | Unknown | 3 days ago | |
| ErgoMed | — | — | — | Unknown | 3 days ago | |
| Royal Thai Navy Housing Cooperative | — | — | — | Unknown | 3 days ago | |
| International Freight Services | — | — | — | Unknown | 3 days ago |
Page 1 of 10
Affected countries(89)
Countries where this group has been reported to target or leak victims.