The Gentlemen ransomware: Dissecting a self-propagating Go encryptor

Source: Microsoft Security Blog
Date: May 28, 2026

EXECUTIVE SUMMARY

The Gentlemen Ransomware: A New Self-Propagating Threat Unveiled

Summary

Microsoft Threat Intelligence has analyzed The Gentlemen, a new Go-based ransomware. This ransomware is notable for its self-propagating capabilities and use of per-file ephemeral key encryption.

Key Points

  • The Gentlemen ransomware is written in Go and used by affiliates of Storm-2697.
  • It employs per-file ephemeral key encryption, enhancing its encryption strength.
  • The ransomware features an aggressive self-propagation module.
  • It spreads across networks using simultaneous lateral movement techniques.
  • The analysis was published by Microsoft on its Security Blog.

Analysis

The Gentlemen ransomware represents a significant threat due to its self-propagating nature and advanced encryption techniques. By leveraging Go, a language known for its efficiency and concurrency, the ransomware can spread rapidly within networks, making it a formidable tool for cybercriminals. The involvement of Storm-2697, a known threat actor, further underscores the potential danger posed by this ransomware.

Conclusion

IT professionals should prioritize monitoring for signs of The Gentlemen ransomware within their networks. Implementing robust security measures, including network segmentation and regular backups, can help mitigate the risk of infection and data loss.