The Gentlemen ransomware, tracked as Storm-2697, is a Go-based ransomware-as-a-service that combines robust encryption using Curve25519 and XChaCha20 with extensive self-propagation capabilities. It employs at least 21 lateral movement techniques such as PsExec, WMI, scheduled tasks, services, and PowerShell remoting to spread across networks. The malware disables security defenses, deletes shadow copies and forensic artifacts, and optionally wipes free disk space to prevent data recovery. It also exfiltrates sensitive information to enable double extortion. The operation transitioned to RaaS by September 2025 and recruits affiliates including penetration testers and initial access brokers via BreachForums. It impacts organizations across multiple sectors globally. There is no patch or remediation available as this is a malware threat rather than a software vulnerability.

The Gentlemen ransomware can cause significant operational disruption by encrypting files with strong cryptography and preventing recovery through deletion of shadow copies and optional wiping of free disk space. The double extortion tactic increases the risk of data leakage and reputational damage. Its aggressive lateral movement techniques enable broad network compromise, increasing the scope of impact within affected organizations. The disabling of defenses and deletion of forensic artifacts complicate incident response and recovery efforts.

As this is a malware threat rather than a software vulnerability, no official patch or fix is available. Organizations should focus on preventive measures such as restricting lateral movement capabilities, monitoring for unusual administrative activity, and maintaining offline backups. Incident response should prioritize containment and recovery. There is no vendor advisory indicating no action required or existing mitigation. Patch status is not applicable.