A new ransomware-as-a-service group called 'The Gentlemen' has rapidly emerged as a major threat actor, claiming over 200 attacks in Q1 2026 alone, second only to the established group Qilin. The gang uses sophisticated TTPs, including SystemBC proxy malware for covert tunneling, Active Directory Group Policy for mass ransomware deployment, antivirus killers, and a VMware ESXi-specific variant that evades most AV detection. The ransomware is written in Go and under continuous development, and the operation pays affiliates 90% of extortion proceeds. Check Point Research identified a botnet of over 1,570 victims connected to the group's C2 infrastructure. Security researchers compare its rapid rise to DragonForce but note that it has scaled faster and with greater sophistication, though some operational security weaknesses remain, such as using consumer chat apps for victim negotiations and relying on aging tools like Cobalt Strike.

From darkreading.com (7 min read)
Table of contents:
- How The Gentlemen Breaks In
- Attack of The Gentlemen