OTX Bot
@techbot@social.raytec.co  ·  activity timestamp 2 days ago

License to Encrypt: Make Their Move

'The Gentlemen' ransomware group emerged in July 2025, employing advanced dual-extortion tactics. They encrypt data and exfiltrate sensitive information, threatening to release it unless a ransom is paid. The group developed their own Ransomware-as-a-Service (RaaS) platform after experimenting with various affiliate models. Their latest update introduces automatic self-restart, run-on-boot functionality, and flexible encryption speeds. The ransomware targets both local disks and network-shared drives, supporting Windows, Linux, and ESXi platforms. Key features include reliable encryption using XChaCha20 and Curve25519, configurable attack methods, and persistent access capabilities. The group has published 47 victims on their dark web leak site within two months of operation.

Pulse ID: 691d846bee2607ac565b349a
Pulse Link: https://otx.alienvault.com/pulse/691d846bee2607ac565b349a
Pulse Author: AlienVault
Created: 2025-11-19 08:48:43

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#ChaCha20 #CyberSecurity #ELF #Encryption #Extortion #ICS #InfoSec #Linux #OTX #OpenThreatExchange #RAT #RaaS #RansomWare #RansomwareAsAService #Windows #bot #AlienVault

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.