The Gentlemen ransomware-as-a-service gang uses a suite of EDR-killing tools, primarily a custom utility named GentleKiller, to disable defenses during attacks. GentleKiller has at least eight variants that impersonate legitimate security products, and it targets over 400 processes from approximately 48 security vendors. The tools leverage the bring-your-own-vulnerable-driver (BYOVD) technique to achieve kernel-level privileges.
Summary by ByteBrief
Ransomware gang abuses Microsoft Teams relays to hide malicious traffic