Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed www.trendmicro.com/en_us/res…
The Gentlemen ransomware group launched a campaign using advanced, highly tailored tools built to bypass enterprise endpoint protection. The campaign combined abuse of legitimate signed drivers, Group Policy manipulation, custom anti-AV utilities, compromised privileged accounts, and encrypted exfiltration channels.
The group targeted multiple industries and regions, focusing heavily on manufacturing, construction, healthcare, and insurance, with attacks spanning at least 17 countries.
The Gentlemen demonstrate advanced capabilities by systematically compromising enterprise environments with a range of tools, from generic anti-AV utilities to variants tailored to a specific target, and they remain a serious threat to organizations that already have security measures in place. The group also deployed its ransomware through compromised privileged domain accounts and built evasion methods that let it persist despite security controls.
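As an added example, not code from the original page or from the Trend Micro report, the PowerShell below shows what a defender can hunt for against two of the TTP categories the summary lists: legitimate driver abuse (a kernel-mode driver service being installed) and Group Policy manipulation (an edit to a GPO object in Active Directory). It parses the event XML that `Get-WinEvent` returns from `.ToXml()`. Event IDs 7045 and 5136 and their field names are standard Windows ones; the two sample events, the driver path, the GPO name and the user names in them are constructed placeholders, not indicators from the campaign.

```powershell
# Added hunting example; not code from the report. Flags kernel-driver service
# installs (System log, Event ID 7045) and Group Policy object changes (Security
# log on a domain controller, Event ID 5136, requires 'Audit Directory Service
# Changes' to be enabled). Sample events below are constructed placeholders.

function ConvertFrom-EventXml {
    # Flatten one Windows event (XML from Get-WinEvent's .ToXml()) into an object
    # with Id, Computer and one property per <Data Name="..."> element.
    param([Parameter(Mandatory)][string]$Xml)
    $doc = [xml]$Xml
    $idNode = $doc.Event.System.ChildNodes | Where-Object { $_.LocalName -eq 'EventID' }
    $fields = [ordered]@{ Id = [int]$idNode.InnerText; Computer = [string]$doc.Event.System.Computer }
    foreach ($d in $doc.Event.EventData.Data) { $fields[$d.GetAttribute('Name')] = $d.InnerText }
    [pscustomobject]$fields
}

function Find-SuspiciousEvent {
    # Pipe event XML strings in; get one finding object per matching event out.
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $ev = ConvertFrom-EventXml $EventXml
        switch ($ev.Id) {
            7045 {
                # A new service was registered. A kernel-mode ServiceType means a
                # driver load; a path outside System32\drivers deserves a look.
                if ($ev.ServiceType -match 'kernel') {
                    [pscustomobject]@{ Finding = 'Kernel driver service installed'; Host = $ev.Computer
                                       Detail  = "$($ev.ServiceName) -> $($ev.ImagePath)" }
                }
            }
            5136 {
                # An AD object attribute changed. groupPolicyContainer objects are
                # GPOs; versionNumber / gPC*ExtensionNames changes mean the GPO was edited.
                if ($ev.ObjectClass -eq 'groupPolicyContainer') {
                    [pscustomobject]@{ Finding = 'GPO modified'; Host = $ev.Computer
                                       Detail  = "$($ev.SubjectDomainName)\$($ev.SubjectUserName) set $($ev.AttributeLDAPDisplayName) on $($ev.ObjectDN)" }
                }
            }
        }
    }
}

# Constructed sample events (placeholder names and paths), so the script runs offline.
$driverEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Service Control Manager"/><EventID Qualifiers="16384">7045</EventID><Computer>WS01.corp.example</Computer></System><EventData><Data Name="ServiceName">HwMonDrv</Data><Data Name="ImagePath">C:\Users\Public\hwmon.sys</Data><Data Name="ServiceType">kernel mode driver</Data><Data Name="StartType">demand start</Data><Data Name="AccountName"></Data></EventData></Event>
'@

$gpoEvent = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System><Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>5136</EventID><Computer>DC01.corp.example</Computer></System><EventData><Data Name="SubjectUserName">svc_backup</Data><Data Name="SubjectDomainName">CORP</Data><Data Name="ObjectDN">CN={PLACEHOLDER-GUID},CN=Policies,CN=System,DC=corp,DC=example</Data><Data Name="ObjectClass">groupPolicyContainer</Data><Data Name="AttributeLDAPDisplayName">gPCMachineExtensionNames</Data><Data Name="AttributeValue">[{PLACEHOLDER-CSE}]</Data><Data Name="OperationType">%%14674</Data></EventData></Event>
'@

@($driverEvent, $gpoEvent) | Find-SuspiciousEvent | Format-Table -AutoSize

# Live use on a host / domain controller (needs event log read rights):
#   Get-WinEvent -FilterHashtable @{LogName='System'; Id=7045} | ForEach-Object { $_.ToXml() } | Find-SuspiciousEvent
#   Get-WinEvent -FilterHashtable @{LogName='Security'; Id=5136} | ForEach-Object { $_.ToXml() } | Find-SuspiciousEvent
```

Both queries are noisy on their own (legitimate driver installs and routine GPO edits produce the same events), so the value is in correlating them with a short time window, an unusual source account, or a driver path outside the normal install locations, which is how the summary describes the group's chain: privileged account, then driver and Group Policy abuse, then ransomware.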