New Gentlemen RaaS Leverages Tools to Disable EDR Protection

Quick answer
The Gentlemen RaaS operation is developing EDR-disabling tools to bypass corporate defenses and encrypt data undetected.
Cybercriminal group Gentlemen, which operates a ransomware-as-a-service (RaaS) model, is actively developing tools to bypass endpoint detection and response (EDR) systems. These utilities enable affiliates to disable or disrupt threat detection and response solutions on endpoints, significantly complicating attack detection.
Researchers report that Gentlemen maintains a comprehensive suite of such tools, regularly updating them to enhance effectiveness. This makes the group one of the most dangerous threats to enterprise networks, as attacks become increasingly difficult to prevent and detect.
Cybersecurity experts emphasize that the use of EDR-killers is becoming a widespread tactic among cybercriminals. These tools allow threat actors to operate stealthily, increasing the chances of successful data encryption and extortion against victims.
Common questions
- What is Gentlemen RaaS?
  Gentlemen is a ransomware-as-a-service (RaaS) operation that provides affiliates with tools for data-encrypting attacks. The group actively develops EDR-bypass utilities to enhance attack stealth.
- How do EDR-killers work?
  EDR-killers are tools that disable or disrupt endpoint detection and response systems, allowing threat actors to operate undetected and increasing the likelihood of successful data encryption.
- Why is the Gentlemen threat considered serious?
  The group continuously refines its tools, making attacks more effective and harder to detect. This poses significant risks to corporate networks and sensitive data.