The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm
The Gentlemen ransomware operation has impacted 478 victims, according to an analysis by cybersecurity firm Cyble. This financially motivated threat group initially functioned as an affiliate, executing double extortion attacks and utilizing resources from multiple ransomware-as-a-service (RaaS) platforms. These platforms include LockBit, also known as Tenacious Mantis; Qilin, or Pestilent Mantis; and Medusa, identified as Venomous Mantis.

The group's tactics involve exploiting vulnerabilities in Remote Desktop Protocol (RDP) and VPNs to gain initial access, subsequently deploying their ransomware. Cyble's report highlights that The Gentlemen group exhibits worm-like capabilities, enabling it to spread laterally across networks without human intervention, significantly increasing the potential damage of an attack. Their double extortion strategy involves exfiltrating sensitive data before encrypting it, then threatening to leak the stolen information if the ransom is not paid.

The analysis also indicates that The Gentlemen group has been active since at least November 2022, with its primary targets being organizations in the United States, followed by those in the United Kingdom and Canada. The group's operational model, leveraging RaaS, allows for scalability and adaptability, making it a persistent threat in the cybercrime landscape.

Original source: read the full reporting at The Hacker News.