Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Ransomware Threatens Networks With Elevated Privileges

Ransomware Threatens Networks With Elevated Privileges

Posted on May 29, 2026 By CWS

A new ransomware strain, identified as The Gentlemen, is causing significant concern in the cybersecurity sector. Written in the Go programming language and obfuscated with Garble, this ransomware combines robust per-file encryption with a highly effective automatic network propagation mechanism, operating without human intervention.

Global Impact and Ransomware-as-a-Service Model

The Gentlemen has already impacted organizations across sectors such as education, healthcare, transportation, and finance, spanning continents including North America, South America, Europe, Africa, and Asia. Functioning as a ransomware-as-a-service (RaaS), its developers offer access to this malware to affiliates. This model, initially closed, widened to include affiliates in September 2025 after its mid-year emergence, and now collaborates with BreachForums, a notorious cybercriminal marketplace, to recruit penetration testers and initial access brokers.

Double Extortion and Unique Attack Strategy

According to Microsoft Threat Intelligence, tracking the group as Storm-2697, The Gentlemen employs a dual extortion strategy: encrypting data and stealing sensitive information to threaten publication if ransoms remain unpaid. This tactic, coupled with its broad adoption, poses a significant risk as the group’s partnership with BreachForums may attract more criminal affiliates.

The ransomware’s attack is multifaceted, disabling antivirus solutions, erasing backups, clearing system logs, and removing forensic traces before encryption. Its self-propagating nature allows it to infiltrate other machines across a network autonomously, complicating containment efforts for security teams.

Technical Sophistication and Network Propagation

One of The Gentlemen’s distinctive features is its method of obtaining elevated system privileges. By executing a Windows scheduled task named gentlemen_system under the SYSTEM account, the malware achieves high-level access, allowing it to encrypt files beyond the reach of standard user accounts. This is accomplished by deleting any pre-existing tasks with that name and initiating a new one, signaling its background operation via an environment variable.

When activated, The Gentlemen can transform into a worm, deploying itself across every reachable system on a local network. It uses shared folders, network shares, and multiple execution methods such as PsExec, WMI, and PowerShell remoting to ensure widespread infection, employing redundancy to overcome potential blockades.

Defense Strategies and Indicators of Compromise

To mitigate risks, experts recommend enabling controlled folder access, utilizing cloud-based antivirus protection, and reducing attack surfaces by blocking processes from PsExec and WMI commands. Employing endpoint detection and response tools in block mode and configuring automatic attack disruption is also advised.

Indicators of Compromise (IoCs) include SHA-256 hashes, file names, extensions, and registry keys related to The Gentlemen’s activity. For instance, the ransomware encryptor binary is identified by a specific SHA-256 hash, and a ransom note titled README-GENTLEMEN.txt is left in each affected directory.

Stay informed on cyber threats by following us on Google News, LinkedIn, and X, and consider setting CSN as your preferred source for instant updates.

Cyber Security News Tags:BreachForums, cyber threat, Cyberattack, Cybersecurity, data encryption, data protection, digital threats, Go language malware, IT security, malware defense, network propagation, network security, RaaS, Ransomware, system privileges

Post navigation

Previous Post: Charter Communications Breach Exposes Millions
Next Post: LLM Agent Exploitation Follows Marimo Vulnerability Attack

Related Posts

Top User Access Management Tools for 2026 Top User Access Management Tools for 2026 Cyber Security News
ModHeader Chrome Extension Pulled for Data Exfiltration Risk ModHeader Chrome Extension Pulled for Data Exfiltration Risk Cyber Security News
Threat Actors Using Malicious VSCode Extension to Deploy Anivia Loader and OctoRAT Threat Actors Using Malicious VSCode Extension to Deploy Anivia Loader and OctoRAT Cyber Security News
Go Module Typo Exposes DNS Backdoor Hack Go Module Typo Exposes DNS Backdoor Hack Cyber Security News
North Korean Hackers Stealthy Linux Malware Leaked Online North Korean Hackers Stealthy Linux Malware Leaked Online Cyber Security News
Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation Threat Actors Manipulating LLMs for Automated Vulnerability Exploitation Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Critical Vulnerability in Claude Extension Exposes Google Data
  • Adobe Releases Critical Security Updates for ColdFusion
  • LabubaRAT Disguises as NVIDIA Software to Infiltrate Systems
  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark