← All stories

Infosecurity Magazine

The Gentlemen Ransomware Expands With Rapid Affiliate Growth

2026-04-21 · Read original ↗

ATT&CK techniques detected

5 predictions

T1486Data Encrypted for Impact

99%

“the gentlemen ransomware expands with rapid affiliate growth a rapidly expanding ransomware - as - a - service ( raas ) operation has claimed more than 320 victims, with the bulk of attacks occurring in early 2026. according to researchers at check point, the group, known as the …”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1080Taint Shared Content

96%

“the gentlemen ransomware expands with rapid affiliate growth a rapidly expanding ransomware - as - a - service ( raas ) operation has claimed more than 320 victims, with the bulk of attacks occurring in early 2026. according to researchers at check point, the group, known as the …”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1486Data Encrypted for Impact

86%

“harvesting, remote execution via administrative shares and widespread reconnaissance. the attackers also disabled endpoint protections and used scheduled tasks, services and registry changes to maintain persistence. key capabilities observed in the attacks include : - cross - pla…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1219Remote Access Tools

81%

“##stic consumer infections. check point researchers noted that it remains unclear whether systembc is fully integrated into the gentlemen ecosystem or simply used by certain affiliates. however, its presence alongside tools such as cobalt strike suggests a modular attack chain. t…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

T1080Taint Shared Content

47%

“harvesting, remote execution via administrative shares and widespread reconnaissance. the attackers also disabled endpoint protections and used scheduled tasks, services and registry changes to maintain persistence. key capabilities observed in the attacks include : - cross - pla…”

Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.

No matches for .

Loading techniques…

Summary

Gentlemen RaaS expands quickly with multi-platform attacks and SystemBC-linked infections