SystemBC C2 Server Reveals 1,570+ Victims in The Gentlemen Ransomware Operation
What’s new
A command-and-control (C2) server linked to the SystemBC proxy malware has revealed over 1,570 victims associated with The Gentlemen ransomware operation. This group has rapidly become one of the most prolific ransomware actors since its emergence in July 2025, employing a double-extortion model and targeting various systems including Windows, Linux, NAS, and BSD. The malware establishes SOCKS5 network tunnels and can execute additional payloads, while the ransomware employs tactics to disable security measures on compromised hosts.
Who’s affected
Victims include organizations across the globe, particularly in the U.S., U.K., Germany, Australia, and Romania. The Gentlemen ransomware group has claimed over 320 victims on its data leak site, indicating a significant impact on corporate networks.
What to do
- Implement robust security measures to protect against initial access vectors, such as securing internet-facing services and enforcing strong credential policies.
- Regularly update and patch systems to mitigate vulnerabilities that could be exploited by ransomware groups.
- Employ advanced endpoint detection and response (EDR) solutions to identify and respond to suspicious activities promptly.
- Conduct regular security training for employees to recognize phishing attempts and other social engineering tactics.
- Establish a comprehensive backup strategy to ensure data recovery in the event of a ransomware attack.



