Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
Ransomware Threatens Networks With Elevated Privileges

Ransomware Threatens Networks With Elevated Privileges

Posted on May 29, 2026 By CWS

A new ransomware strain, identified as The Gentlemen, is causing significant concern in the cybersecurity sector. Written in the Go programming language and obfuscated with Garble, this ransomware combines robust per-file encryption with a highly effective automatic network propagation mechanism, operating without human intervention.

Global Impact and Ransomware-as-a-Service Model

The Gentlemen has already impacted organizations across sectors such as education, healthcare, transportation, and finance, spanning continents including North America, South America, Europe, Africa, and Asia. Functioning as a ransomware-as-a-service (RaaS), its developers offer access to this malware to affiliates. This model, initially closed, widened to include affiliates in September 2025 after its mid-year emergence, and now collaborates with BreachForums, a notorious cybercriminal marketplace, to recruit penetration testers and initial access brokers.

Double Extortion and Unique Attack Strategy

According to Microsoft Threat Intelligence, tracking the group as Storm-2697, The Gentlemen employs a dual extortion strategy: encrypting data and stealing sensitive information to threaten publication if ransoms remain unpaid. This tactic, coupled with its broad adoption, poses a significant risk as the group’s partnership with BreachForums may attract more criminal affiliates.

The ransomware’s attack is multifaceted, disabling antivirus solutions, erasing backups, clearing system logs, and removing forensic traces before encryption. Its self-propagating nature allows it to infiltrate other machines across a network autonomously, complicating containment efforts for security teams.

Technical Sophistication and Network Propagation

One of The Gentlemen’s distinctive features is its method of obtaining elevated system privileges. By executing a Windows scheduled task named gentlemen_system under the SYSTEM account, the malware achieves high-level access, allowing it to encrypt files beyond the reach of standard user accounts. This is accomplished by deleting any pre-existing tasks with that name and initiating a new one, signaling its background operation via an environment variable.

When activated, The Gentlemen can transform into a worm, deploying itself across every reachable system on a local network. It uses shared folders, network shares, and multiple execution methods such as PsExec, WMI, and PowerShell remoting to ensure widespread infection, employing redundancy to overcome potential blockades.

Defense Strategies and Indicators of Compromise

To mitigate risks, experts recommend enabling controlled folder access, utilizing cloud-based antivirus protection, and reducing attack surfaces by blocking processes from PsExec and WMI commands. Employing endpoint detection and response tools in block mode and configuring automatic attack disruption is also advised.

Indicators of Compromise (IoCs) include SHA-256 hashes, file names, extensions, and registry keys related to The Gentlemen’s activity. For instance, the ransomware encryptor binary is identified by a specific SHA-256 hash, and a ransom note titled README-GENTLEMEN.txt is left in each affected directory.

Stay informed on cyber threats by following us on Google News, LinkedIn, and X, and consider setting CSN as your preferred source for instant updates.

Cyber Security News Tags:BreachForums, cyber threat, Cyberattack, Cybersecurity, data encryption, data protection, digital threats, Go language malware, IT security, malware defense, network propagation, network security, RaaS, Ransomware, system privileges

Post navigation

Previous Post: Charter Communications Breach Exposes Millions
Next Post: LLM Agent Exploitation Follows Marimo Vulnerability Attack

Related Posts

DragonForce Ransomware Group’s Expanding Cartel Operations DragonForce Ransomware Group’s Expanding Cartel Operations Cyber Security News
Conti Group Member Responsible for Deploying Ransomware Extradited to USA Conti Group Member Responsible for Deploying Ransomware Extradited to USA Cyber Security News
Fake Tax Notices Lure Indian Taxpayers into Malware Trap Fake Tax Notices Lure Indian Taxpayers into Malware Trap Cyber Security News
Russian Hackers Exploit New CTRL Toolkit for RDP Attacks Russian Hackers Exploit New CTRL Toolkit for RDP Attacks Cyber Security News
Android 16 Comes with Advanced Device-level Security Setting Protection for 3 Billion Devices Android 16 Comes with Advanced Device-level Security Setting Protection for 3 Billion Devices Cyber Security News
2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware 2025-8088 – WinRAR 0-Day Path Traversal Vulnerability Exploited to Execute Malware Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines
  • Enhancing SOC Efficiency: Cut Alert Overload & MTTR
  • Crypto Wallet Extensions’ Privacy Risks Uncovered
  • CISA Alerts on Cisco IOS Vulnerability Exploitation

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • Turkish Banks Hit by Extensive Phishing and Scam Ads
  • Pentera Enhances AI Security with Validation Engines
  • Enhancing SOC Efficiency: Cut Alert Overload & MTTR
  • Crypto Wallet Extensions’ Privacy Risks Uncovered
  • CISA Alerts on Cisco IOS Vulnerability Exploitation

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark