GentleKiller Ransomware Disables 400+ EDR Security Processes

gentle-killer image

A newly uncovered EDR-killing framework known as GentleKiller has emerged as one of the most aggressive tools in the ransomware landscape this year, systematically terminating over 400 endpoint protection processes across 48 distinct security products. The framework, developed and maintained by the Gentlemen ransomware-as-a-service operation, exploits the Bring Your Own Vulnerable Driver (BYOVD) technique to … Read more

AI-Built Ransomware Toolkit Automates EDR Evasion in 2026

EDR Bypass Ransomware

AI-Built Ransomware Toolkit Automates EDR Evasion, Leverages Claude Agents for Attack Development Researchers at Sophos have uncovered an active threat actor operating a fully functional, AI-built ransomware toolkit that automates Active Directory (AD) reconnaissance, systematically tests endpoint detection bypass techniques, and uses multiple AI agents, including one powered by Claude Opus 4.5, to build and … Read more

Gentlemen RaaS Uses SYSTEM Scheduled Task to Encrypt Drives

The Gentlemen Ransomware Abuses Windows SYSTEM Tasks to Encrypt Entire Networks The Gentlemen ransomware is a growing and technically sophisticated threat that Canadian organizations in healthcare, finance, education, and transportation cannot afford to overlook. Published in a new analysis by Microsoft Threat Intelligence, this ransomware-as-a-service (RaaS) platform combines self-propagation, SYSTEM-level privilege abuse, and double extortion … Read more