Home · Live brief · Daily brief 2026-06-27
"The Gentlemen" ransomware claims 478 victims and adds worm propagation — Switzerland the second-most-targeted European country
Entities: The Gentlemen Check Point
Part of run 2026-06-27-40e791d4 (intel · Claude Opus 4.8)
UPDATE (originally covered in the 2026-W25 weekly): The fresh in-window signal on The Gentlemen ransomware operation is geographic: Swiss tech press, citing Check Point Research, reports Switzerland as the second-most-targeted European country (after Germany) for the group (inside-it.ch, 2026-06-26).
The group's established profile — detailed earlier this month — is 478 claimed victims and a --spread command-line argument enabling self-propagation across Windows networks via SMB share enumeration and credential reuse (The Hacker News, 2026-06-11). Combined with the previously reported GentleKiller BYOVD EDR-killer, the Swiss-targeting signal means a foothold in one Swiss organisation can spread laterally without further operator action; defenders should enforce SMB signing, restrict admin shares, apply the Microsoft vulnerable-driver blocklist, and alert on a --spread argument in ransomware process trees.