the gentlemen
Ransomware group profile
Description
The Gentlemen is a financially motivated ransomware-as-a-service group that emerged in early 2023 and gained significant prominence by 2025. They utilize a double-extortion model, encrypting data while threatening to leak sensitive information, often accelerating pressure tactics without extensive negotiations.
Key insights
- •Targets primarily sectors like healthcare, technology, and construction, avoiding Commonwealth of Independent States entities.
- •Initial access often gained through exploitation of CVE-2024-55591 in FortiOS and FortiProxy devices.
- •Employs advanced tactics including BYOVD attacks for evasion and a pre-ransomware script to disable security measures.
- •Maintains a database of compromised credentials to enhance targeting and operational effectiveness.
- •Demonstrates a preference for rapid data publication to maximize pressure on victims.
Threat Level & Status Breakdown
For the gentlemen · Based on incidents in selected period
Status Breakdown
Recent activity
Monthly attack count for the gentlemen in the selected period
Intelligence
IOCs, YARA/Sigma rules, and related families for the gentlemen
- 7e366683f1d175278feefaaa35d87e87076931974506b9f373a775a428c28f10
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for the gentlemen
T1486
T1486
T1490
T1490
T1078
T1078
T1068
T1068
T1059
T1059
T1562
T1562
T1021
T1021
T1021.001
T1021.001
T1047
T1047
T1218
T1218
T1550
T1550
T1555
T1555
Victims(200)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Athens Orthopedic Clinic | — | — | — | Unknown | about 1 hour ago | |
| hiidden | — | — | — | Unknown | 1 day ago | |
| Ty Thac Co | — | — | — | Unknown | 1 day ago | |
| Amigest | — | — | — | Unknown | 1 day ago | |
| Yudu Technology | — | — | Technology | Unknown | 1 day ago | |
| Burris MacOmber | — | — | — | Unknown | 1 day ago | |
| Sertrans | — | — | — | Unknown | 1 day ago | |
| Cofaq | — | — | — | Unknown | 1 day ago | |
| Al Khaja Holding | — | — | — | Unknown | 1 day ago | |
| SGS Malaysia | — | — | — | Unknown | 1 day ago | |
| TERRIO Therapy Fitness | — | — | — | Unknown | 1 day ago | |
| Vera Chimie Management | — | — | — | Unknown | 1 day ago | |
| Alexander Buch Bilanzbuchhalter | — | — | — | Unknown | 1 day ago | |
| ****** Agency | — | US United States | Financial Services | Unknown | 4 days ago | |
| CUI Agency | — | US United States | Financial Services | Unknown | 4 days ago | |
| Buechel Stone | — | US United States | Manufacturing | Unknown | 4 days ago | |
| Maine Oxy | — | US United States | Energy & Utilities | Unknown | 4 days ago | |
| Times Software | — | SG Singapore | Technology | Unknown | 4 days ago | |
| Traublinger | — | DE Germany | Hospitality | Unknown | 4 days ago | |
| Fecovita | — | AR Argentina | Manufacturing | Unknown | 4 days ago |
Page 1 of 10
Affected countries(89)
Countries where this group has been reported to target or leak victims.