The Gentlemen ransomware group has become the second most active gang in terms of victim count, with a recruitment strategy that offers affiliates 90% of ransom payments. This approach has drawn a skilled pool of hackers to the group. Researchers have identified clues that may reveal the real-life identity of the group's administrator, known as Hastalamuerte. A graphic shared by Hastalamuerte on Breachforums in May 2026 has provided valuable insights. Experts from Check Point Software have been tracking the group's activities, shedding light on its operations. The group's rise to prominence is attributed to its lucrative affiliate model, which has attracted a talented cadre of cybercriminals1. This development matters to cybersecurity practitioners because it highlights the evolving tactics of ransomware groups and the need to stay vigilant against emerging threats.
Who Runs the Ransomware Group ‘The Gentlemen?’
⚠️ Critical Alert
Why This Matters
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an.
References
- Krebs. (2026, June 10). Who Runs the Ransomware Group ‘The Gentlemen?’. Krebs on Security. https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/
Original Source
Krebs on Security
Read original →