
The Gentlemen Ransomware: Storm-2697 Targets Critical Infrastructure with Go-Based Self-Propagating Malware

The Gentlemen, a Ransomware-as-a-Service (RaaS) operation carried out by the Storm-2697 affiliate group, has escalated attacks against high-value critical infrastructure, specifically targeting healthcare and water management districts. The group deploys a sophisticated, self-propagating encryptor written in Go (Golang) that uses per-file ephemeral key encryption to prevent unauthorized decryption. The malware includes an aggressive lateral movement module designed for simultaneous, network-wide deployment, maximizing operational paralysis before detection can occur. Confirmed victims include the St. Johns River Water Management District. Concurrently, a significant internal breach of The Gentlemen’s own infrastructure has leaked operational data, giving cybersecurity researchers unprecedented technical intelligence on the group's internal structure and tactics.

