What is known about The Gentlemen leaks

The Gentlemen Ransomware-as-a-Service group appear to have suffered operational exposure involving underground disputes and alleged leaks by rival/affiliate actors, including their use of Rocket.Chat infrastructure. ransomware.live and Group-IB both have an excellent analysis of the platform and what can be gleaned from the released information. Analysis of The Gentlemen’s SystemBC C2 infrastructure shows over 1,570 organisations have become victims of their attacks.

However, as of writing, this is nowhere near the treasure trove of tradecraft and tooling insight we gained from the full chat log leaks we’ve seen in the past from groups like Conti, Black Basta and Trickbot.

If more information comes to light, I’ll update this post.
