New Ransomware 'The Gentlemen' Spreads Automatically Across Networks

Ransomware 'The Gentlemen' Raises Alarms with Automated Spreading
A newly identified ransomware variant, dubbed 'The Gentlemen', is causing significant concern among cybersecurity experts. Built using the Go programming language and obfuscated with the Garble tool, this threat combines robust per-file encryption with the ability to propagate silently across entire networks without any manual intervention.
Elevated Privileges via SYSTEM Scheduled Tasks
According to recent reports, The Gentlemen leverages SYSTEM-level scheduled tasks to encrypt local drives with elevated privileges. This technique lets the malware run at a high integrity level, sidestepping the restrictions that apply to standard user accounts and making detection more challenging.
Targets and Impact
The ransomware primarily targets organizations in education, healthcare, transportation, and other critical sectors. Its self-spreading capability enables it to move laterally through networks, potentially causing widespread disruption before security teams can respond.
Technical Details
Written in Go, The Gentlemen employs the Garble obfuscator to evade signature-based detection. Files are encrypted individually, which can slow the attack but makes recovery without the decryption key harder. The use of scheduled tasks gives the malware persistence and execution with SYSTEM-level privileges.
Recommendations
Security professionals advise implementing robust endpoint detection and response (EDR) solutions, monitoring for unusual scheduled task creation, and maintaining offline backups. Network segmentation and least-privilege policies are also critical to limit the spread of such ransomware.
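The "monitor for unusual scheduled task creation" recommendation can be turned into simple detection logic over Windows Security Event ID 4698 ("A scheduled task was created") records. The following is an added example, not code from the report or from any vendor; the sample events are constructed and simplified (the real event XML envelope and the task-definition namespace are omitted), and the trusted-directory list is an assumed baseline a defender would tune for their environment.

```python
import xml.etree.ElementTree as ET

SYSTEM_SID = "S-1-5-18"
# Assumed baseline: binaries launched from these paths are treated as expected.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")

# Constructed, simplified 4698 records: the fields below exist in the real event
# (SubjectUserName, TaskName, TaskContent), but the values are made up.
SAMPLE_EVENTS = [
    {"TaskName": "\\Microsoft\\Windows\\Defrag\\ScheduledDefrag",
     "SubjectUserName": "SYSTEM",
     "TaskContent": "<Task><Principals><Principal><UserId>S-1-5-18</UserId>"
                    "<RunLevel>HighestAvailable</RunLevel></Principal></Principals>"
                    "<Actions><Exec><Command>C:\\Windows\\System32\\defrag.exe</Command>"
                    "</Exec></Actions></Task>"},
    {"TaskName": "\\Update",
     "SubjectUserName": "jdoe",
     "TaskContent": "<Task><Principals><Principal><UserId>S-1-5-18</UserId>"
                    "<RunLevel>HighestAvailable</RunLevel></Principal></Principals>"
                    "<Actions><Exec><Command>C:\\Users\\Public\\svc.exe</Command>"
                    "<Arguments>-e</Arguments></Exec></Actions></Task>"},
]


def analyze_event(event):
    """Return the reasons a task-creation event looks like SYSTEM-level
    persistence; an empty list means nothing worth alerting on."""
    root = ET.fromstring(event["TaskContent"])
    principal = root.find("./Principals/Principal")
    user_id = principal.findtext("UserId", "") if principal is not None else ""
    run_level = principal.findtext("RunLevel", "") if principal is not None else ""
    elevated = user_id == SYSTEM_SID or run_level == "HighestAvailable"
    reasons = []
    for exc in root.iterfind("./Actions/Exec"):
        cmd = (exc.findtext("Command") or "").strip().strip('"').lower()
        if not cmd.startswith(TRUSTED_DIRS):
            reasons.append(f"command outside trusted directories: {cmd}")
    if user_id == SYSTEM_SID and event["SubjectUserName"].upper() != "SYSTEM":
        reasons.append(f"created by {event['SubjectUserName']} but runs as SYSTEM")
    # Elevated tasks are routine on Windows (see the defrag sample), so only
    # elevation combined with another anomaly is reported.
    return reasons if elevated else []


def suspicious_tasks(events):
    """Map task name -> reasons for every event that trips the rule."""
    return {e["TaskName"]: analyze_event(e) for e in events if analyze_event(e)}


if __name__ == "__main__":
    for name, reasons in suspicious_tasks(SAMPLE_EVENTS).items():
        print(name, "->", "; ".join(reasons))
```

In production the same checks would run over events pulled from the Security log or a SIEM, with the trusted-directory list and known-good task names maintained as an allowlist.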