DEV Community

Mark0
Mark0

Posted on

No Manners Here: The Ruthless Rise of The Gentlemen Ransomware

The Gentlemen (Storm-2697) has emerged as a major Ransomware-as-a-Service (RaaS) threat, showing a significant surge in activity throughout 2026. Initially operating as an affiliate of Qilin, the group transitioned to an independent model that offers affiliates an unprecedented 90% payout. Their ransomware variants are developed in both C and Go, providing cross-platform capabilities that allow them to target diverse operating systems and virtualized infrastructures effectively.

The group is noted for its sophisticated technical arsenal, including a custom EDR killer framework named "GentleKiller" and the exploitation of several high-profile vulnerabilities such as CVE-2024-55591 and CVE-2025-32433. With a six-fold increase in victim volume in the first half of 2026, the group has heavily targeted the manufacturing sector. Organizations are urged to implement strict SMB signing, enable EDR tamper protection, and maintain robust offline backups to defend against this rapidly evolving threat.


Read Full Article

Top comments (0)