Security researchers have published a detailed analysis of a new ransomware operation called The Gentlemen. The group has claimed 478 victims across countries including the UK, Brazil, Germany, India, and Thailand, and has developed a particularly dangerous trick: a worm mode that lets the ransomware automatically jump from one infected device to every other reachable machine on the same network. That means one compromised computer at an office, school, or small business can silently trigger a chain reaction that locks up every device before anyone notices.
The ransomware works across Windows, Linux, and server systems, and the gang typically breaks in through unpatched internet-connected equipment — like VPN devices and network firewalls made by Cisco and Fortinet. Once inside, it can encrypt files across an entire organisation in minutes. The operation is led by a Russian cybercriminal known online as LARVA-368 and has been active since mid-2025.
Sources
- The Hacker News: The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm