217/69 Wednesday, April 22, 2026

A new ransomware group known as The Gentlemen, operating under a Ransomware-as-a-Service (RaaS) model and first observed in mid-2025, is rapidly scaling its attacks worldwide. Researchers from Check Point Research have recently identified the group leveraging the SystemBC botnet, which consists of more than 1,570 infected machines globally. Unlike opportunistic campaigns, this botnet specifically targets enterprise environments and critical organizations across the United States, Europe, and Australia. Reports indicate that a major energy company in Romania and several leading technology firms have already been impacted.
The Gentlemen’s operations are highly adaptable, utilizing encryption tools written in Go to target Windows, Linux, and NAS systems, as well as a C-based variant designed to compromise ESXi hypervisors. Their attack chain typically begins with obtaining Domain Admin privileges within a Domain Controller. From there, attackers deploy tools such as Cobalt Strike to establish persistence and conduct lateral movement across the network. They then use Group Policy Objects (GPO) to execute ransomware simultaneously across the organization. The encryption method is optimized for speed, using a hybrid approach that partially encrypts large files (approximately 1–9%) to accelerate disruption before detection.
In addition to encrypting files, the group employs double extortion, exfiltrating sensitive data and threatening to publish it on leak sites hosted on the Tor network if ransom demands are not met. This significantly increases the legal and reputational risks for affected organizations. Experts warn that the integration of advanced tools like SystemBC signals the group’s evolution into a more sophisticated cybercriminal operation. Organizations are advised to strengthen monitoring of Domain Controllers, detect abnormal network traffic (especially connections to proxy or command-and-control (C2) servers), and enhance overall defensive measures to mitigate potential threats.
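
The partial encryption described above (roughly 1–9% of a large file) matters for detection: a whole-file entropy check barely moves, while per-chunk entropy exposes the encrypted regions. The following is an added example, not code from this page or from Check Point Research; the chunk size, the 7.5 bits/byte threshold, and the constructed sample buffer (including where the random chunks are placed) are assumptions.

```python
import math
import os
from collections import Counter

CHUNK = 64 * 1024   # assumed scan granularity
HIGH = 7.5          # assumed bits-per-byte threshold for "looks encrypted"

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan(data: bytes, chunk: int = CHUNK, high: float = HIGH) -> dict:
    """Compare whole-file entropy with per-chunk entropy."""
    scores = [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]
    hot = [i for i, s in enumerate(scores) if s >= high]
    whole = shannon_entropy(data)
    return {
        "whole_file_entropy": whole,
        "high_chunks": hot,
        "high_chunk_fraction": len(hot) / len(scores) if scores else 0.0,
        # Mixed picture: the file as a whole looks ordinary, a minority of chunks do not.
        "partially_encrypted": whole < high and 0 < len(hot) < len(scores),
    }

def make_sample(size: int = 4 * 1024 * 1024, chunks_hit=(0, 21, 42)) -> bytes:
    """Constructed sample: log-like text with three chunks replaced by random
    bytes (about 4.7% of the file; placement is an assumption, not from the report)."""
    line = b"2026-04-22 10:00:00 INFO service heartbeat ok\n"
    buf = bytearray((line * (size // len(line) + 1))[:size])
    for c in chunks_hit:
        buf[c * CHUNK:(c + 1) * CHUNK] = os.urandom(CHUNK)
    return bytes(buf)

if __name__ == "__main__":
    r = scan(make_sample())
    print(f"whole-file entropy: {r['whole_file_entropy']:.2f} bits/byte")
    print(f"high-entropy chunks: {r['high_chunks']} ({r['high_chunk_fraction']:.1%})")
    print("partial encryption suspected:", r["partially_encrypted"])
```

Formats that embed compressed streams can also show a mix of high- and low-entropy chunks, so a hit is a signal to correlate with other telemetry such as mass file modification, not a verdict on its own.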
