Ransomware

Global Gentlemen ransomware intrusions ramp up

Cybernews reports that attacks by the nascent Gentlemen ransomware operation have already impacted at least 17 countries in the Americas, Asia-Pacific, and the Middle East.

Gentlemen has targeted manufacturing, healthcare, construction, and insurance firms and has employed a double extortion model since being discovered in August, according to an analysis from the AhnLab Security Intelligence Center. The Go-based Gentlemen ransomware, which is executed in environments through a required password parameter, conducts several evasion techniques beforehand, including Windows Defender deactivation, stoppage of backup and database-related services, and log removal.

Gentlemen then encrypts system files with a unique key and a dynamically generated nonce before deploying a ransom note warning that stolen data will be publicly exposed should victims refuse to fulfill the attackers' demands. Researchers added that there has been no indication that Gentlemen has been using the ransomware-as-a-service model.
