'The Gentlemen' ransomware group emerged in July 2025, employing advanced dual-extortion tactics. They encrypt data and exfiltrate sensitive information, threatening to release it unless a ransom is paid. The group developed their own Ransomware-as-a-Service (RaaS) platform after experimenting with various affiliate models. Their latest update introduces automatic self-restart, run-on-boot functionality, and flexible encryption speeds. The ransomware targets both local disks and network-shared drives, supporting Windows, Linux, and ESXi platforms. Key features include reliable encryption using XChaCha20 and Curve25519, configurable attack methods, and persistent access capabilities. The group has published 47 victims on their dark web leak site within two months of operation.