The Gentlemen emerging as key ransomware player | Computer Weekly
The Gentlemen ransomware gang has become one of the more active extortion groups in the cyber criminal underground. Identified in summer 2025, it can bypass enterprise defenses using tools from generic anti-AV utilities. The group is evolving into a ransomware-as-a-service (RaaS) operation with advanced tooling and proxy infrastructure, and it targets Windows, Linux, NAS, BSD, and VMware ESXi. Its ransomware uses XChaCha20 and Curve25519 encryption, with secure key generation based on modern elliptic curve cryptography. Affiliates use SystemBC as a proxy and backdoor: infected systems act as SOCKS6 proxies that tunnel traffic through compromised hosts, which obscures command-and-control (C2) activity and improves lateral movement. A modular download-and-execute capability supports rapid delivery of follow-on payloads, enabling repeatable, resilient, stealthy intrusions.
"The Gentlemen is an adept group that can easily and systematically bypass enterprise defences, leveraging tools from generic anti-AV utilities, according to Trend Micro, which was one of the first to track the gang last year."
"NCC said the gang is quickly evolving into a highly operational ransomware-as-a-service (RaaS) operation with advanced tooling and proxy infrastructure to accelerate its attacks. The double extortion gang supports a broad set of target platforms, including Windows, Linux, NAS, BSD and VMware ESXi."
"Its ransomware uses XChaCha20 and Curve25519 encryption, which allows it to lock its victims' files faster and at scale, with secure key generation through modern elliptic curve cryptography, which suggests the work of a sophisticated and established actor with 'impeccable' ransomware nous."
"Analysts are now also observing the use of proxy and backdoor malware known as SystemBC by The Gentlemen's affiliates to enhance the efficacy of their attacks. SystemBC infected systems serve as SOCKS6 proxies that enable cyber criminals to tunnel traffic through compromised hosts, which makes command and control (C2) activity much harder to trace, and improves its users' ability to move laterally, or pivot in their victims' environments."
Read at ComputerWeekly.com