Threat Intelligence / Actor / The Gentlemen

The Gentlemen

Nation: Russia · 3 tracked threat(s) · Categories: RANSOMWARE, MALWARE

Also known as: The Gentlemen RaaS, Gentlemen Ransomware, Gentlemen-Locker, Gentlemen RaaS, Gntlm, Thegentlemen, The Gentlemen Ransomware

Tracked threats

The Gentlemen Ransomware (RaaS) — Defense Evasion TTPs: Event Log Clearing, Defender Disable & AV Exclusions via PowerShell + Scheduled Tasks (Huntress April/May 2026 IRs) — HIGH
The Gentlemen Ransomware Operationalizes SystemBC SOCKS5 Botnet of 1,570+ Corporate Hosts for Double-Extortion Operations — HIGH
The Gentlemen Ransomware: Emerging Multi-Region Enterprise Threat — 80+ Victims Across 30+ Countries Since September 2025 — HIGH

Full actor intelligence — infrastructure, IOCs, detection coverage and operator fingerprints — is available via the Threadlinqs MCP server (Purple tier). View plans →

Threadlinqs Intelligence