Unmasking The Gentlemen Ransomware: Tactics, Techniques, and Procedures Revealed
The Gentlemen ransomware introduced a novel approach to defense evasion: rather than using a fixed BYOVD payload, the operators dynamically select and custom-patch anti-AV tools during the attack based on reconnaissance of the target's security stack. This article provides a full technical breakdown of their multi-stage infection chain, the adaptive evasion framework, encrypted C2 communication, and the Rust-based ransomware payload. It includes IOCs, a MITRE ATT&CK mapping, and detection guidance.
Related Research
Web Shells, Tunnels, and Ransomware: Dissecting a Warlock Attack
Deep-dive analysis of Warlock (Water Manaul) ransomware operations revealing new TTPs including persistent BYOVD techniques, TightVNC and Yuze remote access tools, and 15-day dwell time before LockBit-derived ransomware deployment.
Agenda Ransomware Deploys Linux Variant on Windows Systems Through Remote Management Tools and BYOVD Techniques
Discovered Agenda ransomware deploying Linux variants on Windows systems via remote management tools and BYOVD techniques for cross-platform evasion.
Agenda Ransomware Group Adds SmokeLoader and NETXLOADER to Their Arsenal
Uncovered Agenda ransomware group adopting SmokeLoader and a new loader named NETXLOADER for improved delivery and evasion.
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
Documented Cerber ransomware operators rapidly weaponizing CVE-2023-22518 in Atlassian Confluence for initial access and encryption deployment.