A SystemBC proxy malware botnet of more than 1,570 hosts, believed to be corporate victims, has been discovered following an investigation into a Gentlemen ransomware attack carried out by a gang affiliate.

The Gentlemen ransomware-as-a-service (RaaS) operation emerged around mid-2025 and provides a Go-based locker that can encrypt Windows, Linux, NAS, and BSD systems, and a C-based locker for ESXi hypervisors.

Last December, it compromised one of Romania’s largest energy providers, the Oltenia Energy Complex. Earlier this month, The Adaptavist Group disclosed a breach that Gentlemen ransomware listed on its data leak site.