The PolySwarm Blog

Analyze suspicious files and URLs, at scale, millions of times per day. Get real-time threat intel from a crowdsourced network of security experts and antivirus companies competing to protect you.

The Gentlemen RaaS and SystemBC Activity Observed in Enterprise Intrusions

Apr 27, 2026 2:06:10 PM / by The Hivemind posted in Threat Bulletin, Ransomware, RaaS, Cobalt Strike, SystemBC, lateral movement, enterprise compromise, GPO abuse, proxy malware

0 Comments

Verticals Targeted: Enterprise Networks
Regions Targeted: US, UK, Germany
Related Families: SystemBC, Cobalt Strike

Executive Summary

The Gentlemen ransomware-as-a-service (RaaS) operation has rapidly scaled in early 2026, leveraging multi-platform encryption capabilities and enterprise-focused intrusion techniques. Recent DFIR analysis shows affiliates using tools such as SystemBC and Cobalt Strike to establish covert access, pivot laterally, and deploy ransomware at scale via Group Policy, enabling rapid domain-wide encryption events. The Gentlemen has been observed targeting enterprise networks primarily in the US, UK, and Germany.

Read More

Sugar Ransomware Targets Individuals Instead of Enterprises

Mar 3, 2022 2:59:22 PM / by PolySwarm Tech Team posted in Threat Bulletin, Ransomware, RaaS, Sugar

0 Comments



Background

Walmart recently reported on a new ransomware as a service (RaaS) called Sugar ransomware. The threat actors behind Sugar ransomware appear to be targeting individuals rather than enterprises and demand a low ransom amount, based on the number of files encrypted.

Read More
All posts

Subscribe to Email Updates

Lists by Topic

see all

Posts by Topic

See all

Recent Posts

Join the Marketplace

For Enterprises and Businesses

Learn More

For Security Experts and AV Companies

Learn More