www.infosecurity-magazine.com 6/22/2026, 3:10:54 PM · external

Gentlemen ransomware uses GentleKiller to disable security tools

Primary Source welivesecurity.com

A recent analysis from ESET revealed that the ransomware group Gentlemen has developed a sophisticated toolkit named GentleKiller, which can disable victims' endpoint security software before encryption begins. The toolkit targets over 400 security processes across 48 products and relies on a technique known as Bring Your Own Vulnerable Driver (BYOVD), exploiting signed kernel drivers to enhance its stealth capabilities.

Unlike other ransomware operations, Gentlemen maintains and updates this toolkit itself, offering various EDR killers, including GentleKiller and others adapted from previous ransomware. Founded in late 2025 and operating on a unique model, Gentlemen typically targets victims in Southeast Asia, South America, and Western Europe, and provides affiliates with a significant share of profits.


Article by CyberSIXT
