UPDATE: "The Gentlemen" ransomware claims 478 victims and adds worm propagation — Switzerland the second-most-targeted European country

UPDATE (originally covered in the 2026-W25 weekly): The fresh in-window signal on The Gentlemen ransomware operation is geographic: Swiss tech press, citing Check Point Research, reports Switzerland as the second-most-targeted European country (after Germany) for the group (inside-it.ch, 2026-06-26).

The group's established profile — detailed earlier this month — is 478 claimed victims and a --spread command-line argument enabling self-propagation across Windows networks via SMB share enumeration and credential reuse (The Hacker News, 2026-06-11). Combined with the previously reported GentleKiller BYOVD EDR-killer, the Swiss-targeting signal means a foothold in one Swiss organisation can spread laterally without further operator action; defenders should enforce SMB signing, restrict admin shares, apply the Microsoft vulnerable-driver blocklist, and alert on a --spread argument in ransomware process trees.