India, June 23 -- Cybersecurity researchers at ESET have published a detailed analysis of the endpoint detection and response (EDR) disruption tools used by the ransomware-as-a-service (RaaS) group known as Gentlemen. Since emerging in late 2025, the group has become one of the most active ransomware operations observed in 2026, distinguishing itself through the development and maintenance of a dedicated suite of tools designed to disable security software.

According to ESET, Gentlemen operators provide affiliates not only with ransomware encryptors but also with a portfolio of EDR-killing tools, representing a more centralised approach than that adopted by many other ransomware groups.

ESET's research found that the group's activities ...