the gentlemen
Ransomware group profile
Description
The Gentlemen is a financially motivated ransomware-as-a-service group that emerged in early 2023 and gained significant prominence by 2025. They utilize a double-extortion model, encrypting data while threatening to leak sensitive information, often accelerating pressure tactics without extensive negotiations.
Key insights
- •Targets primarily sectors like healthcare, technology, and construction, avoiding Commonwealth of Independent States entities.
- •Initial access often gained through exploitation of CVE-2024-55591 in FortiOS and FortiProxy devices.
- •Employs advanced tactics including BYOVD attacks for evasion and a pre-ransomware script to disable security measures.
- •Maintains a database of compromised credentials to enhance targeting and operational effectiveness.
- •Demonstrates a preference for rapid data publication to maximize pressure on victims.
Threat Level & Status Breakdown
For the gentlemen · Based on incidents in selected period
Recent activity
Monthly attack count for the gentlemen in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for the gentlemen
- 7e366683f1d175278feefaaa35d87e87076931974506b9f373a775a428c28f10
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for the gentlemen
T1486
T1486
T1490
T1490
T1078
T1078
T1068
T1068
T1059
T1059
T1562
T1562
T1021
T1021
T1021.001
T1021.001
T1047
T1047
T1218
T1218
T1550
T1550
T1555
T1555
Victims(200)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Grupo LTZ | — | BR Brazil | Retail & E-Commerce | Unknown | 2 days ago | |
| Suburban Water | — | US United States | Energy & Utilities | Unknown | 2 days ago | |
| Soniva Dental | — | US United States | Healthcare | Unknown | 2 days ago | |
| Brian Jessel BMW | — | CA Canada | Manufacturing | Unknown | 2 days ago | |
| Harrell Martin Peace | — | US United States | Professional Services | Unknown | 2 days ago | |
| Computime Group | — | US United States | Manufacturing | Unknown | 2 days ago | |
| Bouri Group | — | EG Egypt | Manufacturing | Unknown | 2 days ago | |
| National Industries | — | IN India | Manufacturing | Unknown | 2 days ago | |
| Arabian Procession Holding | — | SA Saudi Arabia | Other | Unknown | 2 days ago | |
| Smile Siam Printing Service | — | TH Thailand | Manufacturing | Unknown | 2 days ago | |
| Fibrenoire | — | CA Canada | Technology | Unknown | 2 days ago | |
| Weckworth Manufacturing | — | US United States | Manufacturing | Unknown | 2 days ago | |
| M Rocha J Serra Lda | — | PT Portugal | Manufacturing | Unknown | 2 days ago | |
| Anandji Haridas | — | IN India | Manufacturing | Unknown | 2 days ago | |
| Corporacion Prokompra | — | VE Venezuela | Retail & E-Commerce | Unknown | 6 days ago | |
| Heartland Growers | — | US United States | Other | Unknown | 6 days ago | |
| Grupo Premier | — | MX Mexico | Manufacturing | Unknown | 6 days ago | |
| Fonderia Corra | — | IT Italy | Manufacturing | Unknown | 6 days ago | |
| Techmar | — | NL Netherlands | Technology | Unknown | 8 days ago | |
| Mayelia Automotive | — | CI Ivory Coast | Manufacturing | Unknown | 8 days ago |
Page 1 of 10
Affected countries(75)
Countries where this group has been reported to target or leak victims.