ctipilot.ch


"The Gentlemen" ransomware claims 478 victims and adds worm propagation — Switzerland the second-most-targeted European country

high threat discovered 2026-06-27 05:17 UTC

Entities: The Gentlemen, Check Point

Part of run 2026-06-27-40e791d4 (intel · Claude Opus 4.8)

UPDATE (originally covered in the 2026-W25 weekly): The fresh in-window signal on The Gentlemen ransomware operation is geographic: Swiss tech press, citing Check Point Research, reports Switzerland as the second-most-targeted European country (after Germany) for the group (inside-it.ch, 2026-06-26).

The group's established profile — detailed earlier this month — is 478 claimed victims and a --spread command-line argument enabling self-propagation across Windows networks via SMB share enumeration and credential reuse (The Hacker News, 2026-06-11). Combined with the previously reported GentleKiller BYOVD EDR-killer, the Swiss-targeting signal means a foothold in one Swiss organisation can spread laterally without further operator action; defenders should enforce SMB signing, restrict admin shares, apply the Microsoft vulnerable-driver blocklist, and alert on a --spread argument in ransomware process trees.
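One way to implement the last recommendation, alerting on a --spread argument and reporting the process tree it ran in. This is an added example, not code from the brief or its sources. It assumes process-creation telemetry using the Sysmon Event ID 1 field names (Computer, ProcessGuid, ParentProcessGuid, Image, CommandLine); the sample events, file names and the --spread=value form are constructed assumptions.

```python
import re

# Whole-argument match: bare, quoted or "--spread=value" (the value form is an
# assumption), case-insensitive; does not match e.g. --spreadsheet.
SPREAD_ARG = re.compile(r"(?<![\w-])--spread(?![\w-])", re.IGNORECASE)

def ancestry(event, by_guid, max_depth=16):
    """Image path of each ancestor, root first; stops on a missing parent,
    a GUID cycle or the depth cap."""
    chain, seen = [], set()
    while event and event["ProcessGuid"] not in seen and len(chain) < max_depth:
        seen.add(event["ProcessGuid"])
        chain.append(event["Image"])
        event = by_guid.get(event["ParentProcessGuid"])
    return chain[::-1]

def find_spread_alerts(events):
    """Return one alert per process-creation event whose command line carries --spread."""
    by_guid = {e["ProcessGuid"]: e for e in events}
    return [
        {"host": e["Computer"], "image": e["Image"],
         "cmdline": e["CommandLine"], "tree": ancestry(e, by_guid)}
        for e in events if SPREAD_ARG.search(e["CommandLine"])
    ]

def ev(guid, parent, image, cmdline, host="WS-01"):
    """Build a constructed event using Sysmon Event ID 1 field names."""
    return {"Computer": host, "ProcessGuid": guid, "ParentProcessGuid": parent,
            "Image": image, "CommandLine": cmdline}

# Constructed sample events (not real telemetry); sample.exe and x.exe are placeholders.
SAMPLE_EVENTS = [
    ev("A", "0", r"C:\Windows\explorer.exe", r"C:\Windows\explorer.exe"),
    ev("B", "A", r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\cmd.exe"),
    ev("C", "B", r"C:\Users\Public\sample.exe", r"C:\Users\Public\sample.exe --spread"),
    ev("D", "A", r"C:\Tools\tool.exe", r"C:\Tools\tool.exe --spreadsheet q2.xlsx"),
    ev("E", "ZZ", r"C:\Temp\x.exe", r'"C:\Temp\x.exe" "--SPREAD"'),  # parent not collected
]

if __name__ == "__main__":
    for alert in find_spread_alerts(SAMPLE_EVENTS):
        print(alert["host"], " > ".join(alert["tree"]), "|", alert["cmdline"])
```

The ancestry in each alert gives responders the launch path of the flagged process, and a tree of length one signals that the parent's creation event was never collected.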
