The article discusses "The Gentlemen," a ransomware group known for its sophisticated tactics, particularly its centralized EDR-killer suite, GentleKiller. Developed for affiliates, the framework contains eight variants that impersonate legitimate products and use BYOVD (Bring Your Own Vulnerable Driver) exploits to disable security tools before the ransomware is launched.
The Gentlemen emerged in late 2025 and quickly became a top ransomware operator, with 504 claimed victims by Q1 2026. Its operations focus on Southeast Asia and Europe rather than the U.S. The group rapidly integrates new exploits into the suite, maintaining a competitive edge. Additionally, a Rust-based credential stealer named OxideHarvest is linked to an affiliate, and the group's leader is identified, which improves understanding of its operations and targets.