
The Gentlemen


The Gentlemen is a ransomware group that employs a dual-extortion strategy, encrypting sensitive files while exfiltrating critical business data to pressure victims into paying ransoms. Their operations leverage advanced techniques such as abusing legitimate utilities like PowerRun.exe for privilege escalation, using custom-built tools for defense evasion, and employing flexible encryption methods based on file size. The group targets medium to large organizations across various sectors, particularly in the Asia-Pacific region, and has demonstrated a high level of technical maturity and operational discipline. Their activities include systematic compromise of enterprise environments, mass account enumeration, and the use of encrypted channels for data exfiltration.


Associated Families
win.gentlemen

References
2026-02-12, SOCRadar (SOCRadar): Dark Web Profile: The Gentlemen Ransomware
2025-11-18, Cybereason (Mark Tsipershtein): License to Encrypt: “The Gentlemen” Make Their Move
2025-09-09, Trend Micro (Don Ovid Ladores, Jacob Santos, Junestherry Dela Cruz, Maristel Policarpio): Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed

Credits: MISP Project