SystemBC C2 Server Exposes Over 1,570 Victims Linked to The Gentlemen Ransomware

Recent research has uncovered a significant botnet associated with The Gentlemen ransomware operation, revealing over 1,570 compromised victims worldwide due to the deployment of SystemBC malware.

Recent investigations have identified a botnet of more than 1,570 victims linked to The Gentlemen ransomware-as-a-service (RaaS) operation, primarily facilitated through the use of SystemBC, a known proxy malware. Research conducted by Check Point highlights that the command-and-control (C2) server associated with SystemBC has been instrumental in this discovery.

Understanding SystemBC and Its Functionality

SystemBC establishes SOCKS5 network tunnels within compromised environments, connecting to its C2 server via a custom RC4-encrypted protocol. This malware is capable of downloading and executing additional malicious payloads, which can either be written to disk or injected directly into memory.

The Gentlemen Ransomware Operation

Since its emergence in July 2025, The Gentlemen has rapidly become a prominent player in the ransomware landscape, claiming over 320 victims on its data leak site. The group employs a double-extortion model and demonstrates versatility in targeting various systems, including Windows, Linux, NAS, and BSD. Their tactics involve sophisticated methods to gain initial access, although the specifics of these methods remain unclear.

Attack Techniques and Lateral Movement

During lateral movement within a network, the ransomware attempts to disable Windows Defender on accessible remote hosts by executing a PowerShell script that modifies security settings. This includes disabling real-time monitoring and shutting down firewalls, which facilitates the deployment of the ransomware binary.
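For defenders, the tampering described above is visible in process-creation telemetry. The following is an added example, not code from the article or from Check Point's research: a small Python detector that flags command lines which turn off Defender real-time monitoring or the Windows firewall, including commands hidden behind PowerShell's `-EncodedCommand`. The matched commands (`Set-MpPreference`, `Set-NetFirewallProfile`, `netsh advfirewall`) are standard Windows commands assumed here; the article does not quote the script, and the hosts and events are constructed.

```python
import base64
import re

# Assumed patterns: standard Windows commands that change the settings the
# article describes. They are not quoted from the Check Point research.
TAMPER_PATTERNS = {
    "defender_realtime_off": re.compile(
        r"set-mppreference\b.*-disablerealtimemonitoring[\s:]+(\$true|1)\b", re.I),
    "firewall_off_cmdlet": re.compile(
        r"set-netfirewallprofile\b.*-enabled[\s:]+(false|\$false|0)\b", re.I),
    "firewall_off_netsh": re.compile(
        r"netsh\s+advfirewall\s+set\s+\w+\s+state\s+off\b", re.I),
}
# PowerShell accepts -EncodedCommand and abbreviations such as -enc and -e.
ENCODED_ARG = re.compile(r"\s-e[a-z]*\s+([A-Za-z0-9+/=]{16,})", re.I)

def expand_encoded(cmdline):
    """Return the command line plus any decoded -EncodedCommand payloads."""
    parts = [cmdline]
    for blob in ENCODED_ARG.findall(cmdline):
        try:  # payloads are base64 over UTF-16LE text
            parts.append(base64.b64decode(blob, validate=True).decode("utf-16-le"))
        except ValueError:
            continue  # not a real encoded command
    return " ".join(parts)

def detect_tamper(cmdline):
    """Names of the tamper patterns found in one process command line."""
    text = expand_encoded(cmdline).replace("`", "")  # drop backtick escapes
    return sorted(n for n, rx in TAMPER_PATTERNS.items() if rx.search(text))

def flag_hosts(events):
    """Map each host to the sorted tamper findings seen in its events."""
    hits = {}
    for ev in events:
        for finding in detect_tamper(ev["cmdline"]):
            hits.setdefault(ev["host"], set()).add(finding)
    return {host: sorted(found) for host, found in hits.items()}

# Constructed process-creation events (hypothetical hosts and commands).
FW_SCRIPT = "Set-NetFirewallProfile -Profile Domain,Public,Private -Enabled False"
SAMPLE_EVENTS = [
    {"host": "WS-014", "cmdline": 'powershell.exe -NoProfile -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'},
    {"host": "WS-014", "cmdline": "netsh advfirewall set allprofiles state off"},
    {"host": "SRV-02", "cmdline": "powershell.exe -NoP -enc " + base64.b64encode(FW_SCRIPT.encode("utf-16-le")).decode()},
    {"host": "WS-020", "cmdline": "powershell.exe -ExecutionPolicy Bypass -File C:\\Scripts\\inventory.ps1"},
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))
```

A host that shows both the Defender and the firewall finding within a short window is a stronger signal than either alone, since legitimate administration rarely disables both at once.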

Global Impact and Ongoing Threats

The findings indicate that the C2 server linked to SystemBC has compromised networks across multiple countries, including the U.S., U.K., Germany, Australia, and Romania. While SystemBC has been utilized in ransomware operations since 2020, the precise relationship between this malware and The Gentlemen’s operations is still under investigation.

As the ransomware landscape evolves, the scale of The Gentlemen’s operation appears to be larger than previously reported, with ongoing growth in their activities. The findings underscore the need for heightened awareness and vigilance against such sophisticated cyber threats.

This article was produced by NeonPulse.today using human and AI-assisted editorial processes, based on publicly available information. Content may be edited for clarity and style.

NOVA-Δ
