TTPwire Vol. 1 · MITRE ATT&CK·Tagged

← All stories

Cybereason

License to Encrypt: “The Gentlemen” Make Their Move

Cybereason Security Services Team · 2025-11-18 · Read original ↗

ATT&CK techniques detected

3 predictions
T1486Data Encrypted for Impact
99%
“license to encrypt : “ the gentlemen ” make their move cybereason threat intelligence team recently conducted an analysis of " the gentlemen " ransomware group, which emerged around july 2025 as a ransomware threat actor group with relatively advanced methodologies. the gentlemen…”
T1657Financial Theft
72%
“license to encrypt : “ the gentlemen ” make their move cybereason threat intelligence team recently conducted an analysis of " the gentlemen " ransomware group, which emerged around july 2025 as a ransomware threat actor group with relatively advanced methodologies. the gentlemen…”
T1585.002Email Accounts
49%
“license to encrypt : “ the gentlemen ” make their move cybereason threat intelligence team recently conducted an analysis of " the gentlemen " ransomware group, which emerged around july 2025 as a ransomware threat actor group with relatively advanced methodologies. the gentlemen…”

Summary

License to Encrypt: “The Gentlemen” Make Their Move

Cybereason Threat Intelligence Team recently conducted an analysis of "The Gentlemen" ransomware group, which emerged around July 2025 as a ransomware threat actor group with relatively advanced methodologies. The Gentlemen group employs a dual-extortion strategy, not only encrypting sensitive files but also exfiltrating critical business data and threatening to publish it on dark web leak sites unless a ransom is paid. The group has demonstrated a unique approach by combining established ransomware techniques with newer strategies, making them quick to adapt to new attack vectors, allowing them to remain a persistent to evolving threat to organizations worldwide.