A ransomware gang known as "The Gentlemen" has made a name for itself, claiming hundreds of victims in a matter of months.
The Gentlemen is a ransomware-as-a-service (RaaS) outfit that first popped up in mid-2025. While it operates fairly typical double extortion attacks (using both encryption and data leaking as extortion levers), The Gentlemen is known for sophisticated tactics, techniques, and procedures (TTPs), such as antivirus killers and complex infection chains.
Check Point Research this week published its latest findings concerning the gang, noting that it has claimed hundreds of victims and uses malware including something called SystemBC, which researchers described as "a proxy malware frequently leveraged in human‑operated ransomware operations for covert tunneling and payload delivery."
Check Point observed victim telemetry connected to SystemBC's command and control (C2) server, revealing a botnet of more than 1,570 victims. According to researchers, the infection profile strongly suggests "a focus on corporate and organizational environments rather than opportunistic consumer targeting." CPR's research primarily tracks this incident.
For such a new gang, The Gentlemen has been nothing short of prolific. Comparitech researchers said the group claimed 202 attacks last quarter, second only to Qilin's 353 claims. Meanwhile, NCC Group found The Gentlemen was responsible for 34 attacks in January and 67 in February; while not quite first place, it tracked comfortably alongside more established actors like Cl0p and Akira.
In The Gentlemen there are echoes of DragonForce, a RaaS gang that landed on the scene in 2023 and quickly made a name for itself, in this case for its cartel setup and ransomware "white labeling" business model.
Dillon Ashmore, cyber threat intelligence analyst at NCC Group, tells Dark Reading that The Gentlemen shows "all the hallmarks of cementing itself as a mainstay in the ransomware ecosystem, comparable to DragonForce, but emerging at a much greater scale and sophistication than DragonForce demonstrated at that same stage."
"DragonForce took almost two years to surpass 150 victims. In comparison, The Gentlemen passed that milestone in nine months," Ashmore says. "That gap speaks not just to a difference in pace and volume, but to the group's ability to sustain a high level of activity without experiencing the typical disruptions to a ransomware group's trajectory: affiliate defections, infrastructure seizures, or internal disputes."