Blackpoint
Threat Profile of The Gentlemen Ransomware
Pages: 17
Time to read: 9 mins
Language: English
This document is a threat profile of The Gentlemen Ransomware, which first emerged in August 2025 and operates as a ransomware-as-a-service (RaaS) operation. The group uses double extortion: it encrypts victim data, exfiltrates sensitive information, and threatens to leak that information if the ransom is not paid. The profile outlines the group's operational tactics, including sophisticated attack strategies and significant reconnaissance efforts on victims. It specifies the most frequently targeted industries, primarily industrial sectors in South America and Asia. It describes the tools and methods used by the group, such as creating new accounts, modifying system processes, and using remote access applications like AnyDesk. It also details the ransomware's behavior, including file encryption techniques and the deployment of ransom notes. The profile concludes with an assessment of the group's potential persistence and the ongoing threat posed by ransomware operations globally.