Industrial Cyber reports:
Researchers from ASEC detailed Gentlemen, a newly identified ransomware group, which first emerged around August 2025.
[…]
“During the breach, the group employs typical tactics seen in advanced ransomware groups, such as Group Policy Objects (GPO) manipulation and Bring Your Own Vulnerable Driver (BYOVD). As of now, there is no clear evidence that the group is operating on a Ransomware as a Service (RaaS) model.”
Additionally, it is yet to be confirmed whether the group is a rebranding of an existing ransomware group or a sub-group.
Explaining that the attack by Gentlemen quickly spread after its appearance, and there have been reports of damage in at least 17 countries, ASEC highlighted that the affected industries include manufacturing, construction, healthcare, and insurance. Attacks have been confirmed in multiple regions, including Asia-Pacific (APAC), North America, South America, and the Middle East, showing a wide range of activities that are not limited to a specific country or region.
Read more at Industrial Cyber.
