Researchers have identified a significant expansion in the operations of "The Gentlemen" ransomware-as-a-service (RaaS), which has recently integrated the SystemBC proxy malware for network tunneling and lateral movement. SystemBC gives affiliates a SOCKS5 proxy over a custom RC4-encrypted command channel, so post-compromise traffic is relayed through the implant rather than originating from the attacker's own infrastructure; the group is reported to have compromised over 1,570 corporate networks. The group demonstrates high technical proficiency, targeting Windows, Linux, and ESXi hosts, and employs evasion techniques such as disabling Windows Defender through PowerShell scripts and abusing Group Policy Objects (GPOs) to push changes domain-wide. For defenders, those last two behaviours are the cheapest signals to hunt for: Defender configuration changes made from PowerShell, and GPO modifications outside a change window, are worth alerting on regardless of which affiliate is behind them.
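As an added illustration, not code from the original report or from any tool it names, the following Python scans constructed PowerShell script block (Event ID 4104) and process creation (Event ID 4688) records for the Defender-tampering commands described above. The event field names (`host`, `user`, `event_id`, `script_block`, `command_line`) are assumed SIEM-normalized names, and every sample record is fabricated. It decodes `-EncodedCommand` payloads before matching, since a base64-wrapped `Set-MpPreference` otherwise passes a plain string search, and it requires the disabling value (`$true`, `1`, `Disabled`) so that a hardening script re-enabling protection with `$false` does not fire.

```python
import base64
import binascii
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    user: str
    event_id: int
    reason: str
    evidence: str


# Defender-tampering indicators, matched case-insensitively against the
# whitespace-collapsed, base64-decoded command text. The disabling value is
# part of each pattern so "-DisableRealtimeMonitoring $false" stays quiet.
DEFENDER_TAMPER_PATTERNS = [
    (r"set-mppreference\b.*-disablerealtimemonitoring\s+(\$true|1)\b", "real-time protection disabled"),
    (r"set-mppreference\b.*-disablebehaviormonitoring\s+(\$true|1)\b", "behavior monitoring disabled"),
    (r"set-mppreference\b.*-disableioavprotection\s+(\$true|1)\b", "download/attachment scanning disabled"),
    (r"set-mppreference\b.*-mapsreporting\s+(disabled|0)\b", "cloud (MAPS) reporting disabled"),
    (r"(add|set)-mppreference\b.*-exclusion(path|process|extension)\s", "Defender exclusion added"),
    (r"\bsc(\.exe)?\s+(stop|config)\s+windefend\b", "WinDefend service stopped or reconfigured"),
    (r"windows defender\b.*disableantispyware\b", "DisableAntiSpyware policy value written"),
]
COMPILED = [(re.compile(p, re.IGNORECASE), why) for p, why in DEFENDER_TAMPER_PATTERNS]

# powershell -e / -ec / -enc / -EncodedCommand <base64 of a UTF-16LE script>
ENCODED_CMD_RE = re.compile(r"-e(?:ncodedcommand|nc|c)?\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)


def decode_encoded_commands(text: str) -> str:
    """Append the decoded form of every -EncodedCommand payload so the patterns
    see the real cmdlets rather than base64. Blobs that do not decode are ignored."""
    decoded = []
    for m in ENCODED_CMD_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (binascii.Error, UnicodeDecodeError):
            continue
    return text + "\n" + "\n".join(decoded) if decoded else text


def normalize(text: str) -> str:
    """Drop PowerShell backtick line continuations and collapse whitespace so a
    cmdlet split across several lines still matches a single-line pattern."""
    return " ".join(text.replace("`\r\n", " ").replace("`\n", " ").split())


def scan_events(events: list[dict]) -> list[Finding]:
    """Return one Finding per (event, matched indicator), in event order."""
    findings = []
    for ev in events:
        text = ev.get("script_block") or ev.get("command_line") or ""
        flat = normalize(decode_encoded_commands(text))
        for rx, why in COMPILED:
            m = rx.search(flat)
            if m:
                findings.append(Finding(ev["host"], ev["user"], ev["event_id"], why, m.group(0)[:120]))
    return findings


# Constructed sample records (fabricated for this example, not from any incident).
ENCODED_PAYLOAD = base64.b64encode(
    r"Add-MpPreference -ExclusionPath 'C:\Windows\Temp'".encode("utf-16-le")
).decode("ascii")

SAMPLE_EVENTS = [
    {"host": "DC-01", "user": "CORP\\svc_backup", "event_id": 4104,
     "script_block": "Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"host": "WS-042", "user": "CORP\\jdoe", "event_id": 4688,
     "command_line": "powershell.exe -nop -w hidden -enc " + ENCODED_PAYLOAD},
    {"host": "WS-017", "user": "CORP\\helpdesk", "event_id": 4104,
     "script_block": "Get-MpPreference | Select-Object DisableRealtimeMonitoring"},
    {"host": "WS-017", "user": "CORP\\helpdesk", "event_id": 4104,
     "script_block": "Set-MpPreference -DisableRealtimeMonitoring $false"},
    {"host": "WS-099", "user": "CORP\\inventory", "event_id": 4688,
     "command_line": r"powershell.exe -ExecutionPolicy Bypass -File C:\scripts\inventory.ps1"},
]

if __name__ == "__main__":
    for f in scan_events(SAMPLE_EVENTS):
        print(f"{f.host} {f.user} EID {f.event_id}: {f.reason} [{f.evidence}]")
```

Run against the sample set, only the two tampering records (the plain `Set-MpPreference` on DC-01 and the base64-wrapped exclusion on WS-042) produce findings; the read-only query, the re-enable with `$false`, and the ordinary script launch do not. This covers tampering done from a shell; Defender changes pushed through a GPO arrive as policy writes rather than cmdlets and need a separate rule on directory service or registry-policy events.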
The broader ransomware landscape is shifting toward extreme specialization and shorter dwell times, with groups like Akira reported to reach full encryption in under an hour. Emerging families such as Kyber focus on specific environments, in Kyber's case VMware ESXi, with encryptors written in Rust and C++. Despite increased law enforcement pressure, the ecosystem remains industrialized and resilient: attackers increasingly target small to mid-sized organizations and operational technology (OT) environments, and time their attacks for off-peak hours, when response is slowest, so that encryption completes before defenders can intervene.