www.microsoft.com 5/28/2026, 5:10:48 PM · external

Gentlemen ransomware uses PsExec to encrypt and leak data

Threat Actor
Storm-2697

The Gentlemen ransomware is a sophisticated ransomware-as-a-service (RaaS) offering that combines strong encryption with aggressive self-propagation across compromised networks. Its encryption uses Curve25519 keys and the XChaCha20 cipher, and it employs various lateral movement techniques to compromise the network. Operated by a group identified as Storm-2697, it uses double extortion: encrypting files and exfiltrating sensitive data to pressure victims into paying the ransom.

To propagate, the malware uses tools such as PsExec and WMIC to execute on remote systems, leveraging weaknesses in security protocols. Recommended defenses against such threats include enabling cloud-delivered protection, tamper protection, controlled folder access, and endpoint detection and response (EDR) in block mode. The detailed analysis covers the ransomware's command-line arguments, file encryption methods, persistence techniques, and the operational strategies it uses to spread across a network.
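As an added example (not code from the Microsoft article or from CyberSIXT), a small Python detector that flags the PsExec and WMIC remote-execution patterns described above in constructed Windows event records: a PSEXESVC service installation (System event 7045) and `psexec.exe` or `wmic ... /node: ... process call create` in process-creation events (Security 4688 / Sysmon 1). The event field names and sample records are assumptions made for illustration.

```python
import re

# Constructed sample events (dicts) standing in for Security 4688 / Sysmon 1
# process-creation records and System 7045 service-installation records.
SAMPLE_EVENTS = [
    {"event_id": 4688, "host": "WS01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": r'wmic /node:"FS02" /user:corp\admin process call create "cmd /c \\FS02\c$\app.exe"'},
    {"event_id": 7045, "host": "FS02", "service_name": "PSEXESVC",
     "image_path": r"%SystemRoot%\PSEXESVC.exe"},
    {"event_id": 4688, "host": "WS01", "image": r"C:\Tools\PsExec.exe",
     "cmdline": r"PsExec.exe \\FS03 -s -d cmd /c app.exe"},
    {"event_id": 4688, "host": "WS01", "image": r"C:\Windows\System32\wbem\WMIC.exe",
     "cmdline": "wmic os get caption"},  # local inventory query, should not alert
]

WMIC_REMOTE = re.compile(r'/node:"?([\w.-]+)', re.I)   # remote target of a WMIC call
WMIC_EXEC = re.compile(r"process\s+call\s+create", re.I)  # WMIC remote process launch
PSEXEC_TARGET = re.compile(r"\\\\([\w.-]+)")             # \\HOST argument of PsExec


def classify(event):
    """Return (rule, target) when the event matches a lateral-movement pattern, else None."""
    eid = event.get("event_id")
    if eid == 7045 and event.get("service_name", "").upper() == "PSEXESVC":
        # PsExec installs its helper service on the target before running the command.
        return ("psexec_service_install", event.get("image_path", ""))
    if eid in (1, 4688):
        cmd = event.get("cmdline", "")
        image = event.get("image", "").lower()
        if image.endswith("wmic.exe") and WMIC_EXEC.search(cmd):
            m = WMIC_REMOTE.search(cmd)
            if m:
                return ("wmic_remote_exec", m.group(1))
        if image.endswith("psexec.exe"):
            m = PSEXEC_TARGET.search(cmd)
            return ("psexec_remote_exec", m.group(1) if m else "?")
    return None


def detect(events):
    """Run the rules over all events; return (rule, source host, target) alert tuples."""
    alerts = []
    for ev in events:
        hit = classify(ev)
        if hit:
            alerts.append((hit[0], ev["host"], hit[1]))
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

In a real deployment the same three rules map directly onto EDR or SIEM queries over process-creation and service-installation telemetry; the local `wmic os get caption` record shows why the `/node:` and `process call create` conditions must both hold before alerting.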


Article by CyberSIXT