Ransomware, Threat Intelligence

The Gentlemen ransomware gang’s inner workings leaked

The Gentlemen, a nascent ransomware-as-a-service operation that emerged after a dispute with Qilin, has had its operational secrets exposed by one of its own affiliates, known as hastalamuerte, in a leak that points to escalating tensions between cybercrime groups, Infosecurity Magazine reports.

According to a Group-IB analysis, The Gentlemen uses double-extortion tactics and targets Windows, Linux, and ESXi environments as well as vulnerable Fortinet FortiGate VPN appliances. Beyond using PowerShell and Windows Management Instrumentation for lateral movement and deploying anti-forensic tooling to stay hidden, the group also works to compromise backup and security systems before carrying out cross-platform encryption.

The group has additionally relied on Bring Your Own Vulnerable Driver exploitation and comprehensive log deletion to complicate forensic analysis of its intrusions. While the findings point to increasingly specialized and professionalized RaaS operations, researchers said that growing turmoil within the landscape, as evidenced by hastalamuerte's leak, could open new opportunities to clamp down on such threats.
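Two of the behaviours described above, event log clearing and PowerShell launched through WMI, leave a small number of well-known traces in the Windows Security and System logs. The following triage script is an added example and is not code from SC Media, Group-IB, or the article's sources; it assumes event records already parsed into Python objects and uses the documented Windows event IDs 1102 (Security log cleared), 104 (System log cleared) and 4688 (process creation with parent process name). The sample records are constructed for illustration.

```python
"""Triage Windows event records for two of the behaviours reported above:
clearing of the Security/System event logs and shells spawned by the WMI
provider host. The event IDs are documented Windows values; every record in
SAMPLE_EVENTS is constructed for this example."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Event:
    event_id: int
    channel: str            # "Security" or "System"
    host: str               # reporting computer
    fields: Dict[str, str] = field(default_factory=dict)


# (event_id, channel) pairs that indicate an event log was cleared.
LOG_CLEARED = {(1102, "Security"), (104, "System")}
WMI_HOST = "wmiprvse.exe"                          # WMI provider host process
SHELLS = {"powershell.exe", "pwsh.exe", "cmd.exe"}  # children worth flagging


def _basename(path: str) -> str:
    """Lower-case file name of a Windows path ('C:\\x\\y.exe' -> 'y.exe')."""
    return path.lower().rsplit("\\", 1)[-1]


def classify(ev: Event) -> Optional[str]:
    """Return a finding label for a suspicious event, or None if benign."""
    if (ev.event_id, ev.channel) in LOG_CLEARED:
        return f"log-cleared:{ev.channel}"
    if ev.event_id == 4688 and ev.channel == "Security":
        parent = _basename(ev.fields.get("ParentProcessName", ""))
        child = _basename(ev.fields.get("NewProcessName", ""))
        if parent == WMI_HOST and child in SHELLS:
            return "wmi-spawned-shell"
    return None


def triage(events: List[Event]) -> Dict[str, List[str]]:
    """Collect finding labels per host, preserving event order."""
    findings: Dict[str, List[str]] = {}
    for ev in events:
        label = classify(ev)
        if label is not None:
            findings.setdefault(ev.host, []).append(label)
    return findings


def high_confidence(findings: Dict[str, List[str]]) -> List[str]:
    """Hosts showing both a WMI-spawned shell and a cleared log: the two
    behaviours together are a much stronger signal than either alone."""
    hits = []
    for host, labels in findings.items():
        cleared = any(l.startswith("log-cleared:") for l in labels)
        if cleared and "wmi-spawned-shell" in labels:
            hits.append(host)
    return sorted(hits)


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
WMI = r"C:\Windows\System32\wbem\WmiPrvSE.exe"

# Constructed sample records: ws-01 shows the full pattern, ws-02 only part of it.
SAMPLE_EVENTS = [
    Event(4688, "Security", "ws-01", {"NewProcessName": PS, "ParentProcessName": WMI}),
    Event(1102, "Security", "ws-01", {"SubjectUserName": "svc_backup"}),
    Event(104, "System", "ws-01"),
    Event(4688, "Security", "ws-02",
          {"NewProcessName": r"C:\Windows\explorer.exe",
           "ParentProcessName": r"C:\Windows\System32\userinit.exe"}),
    Event(4688, "Security", "ws-02", {"NewProcessName": PS, "ParentProcessName": WMI}),
]

if __name__ == "__main__":
    results = triage(SAMPLE_EVENTS)
    for host, labels in results.items():
        print(host, labels)
    print("high confidence:", high_confidence(results))
```

In practice the records would come from a SIEM export or `Get-WinEvent` output rather than an inline list; the point of the two-stage scoring is that a cleared log by itself is noisy (administrators do it), whereas a cleared log on the same host where WmiPrvSE.exe just launched a shell is the combination worth paging on.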
