Who Runs the Ransomware Group ‘The Gentlemen?’
The ransomware-as-a-service (RaaS) group known as The Gentlemen has rapidly become the second most active ransomware gang by victim count, a position achieved through an aggressive affiliate recruitment strategy offering a 90 percent revenue share of ransoms paid by victims. This lucrative split, exceeding the industry standard of 80/20, has attracted experienced hackers from competing programs, according to security firm Check Point Software. Since its inception in mid-2025, The Gentlemen has claimed at least 332 published victims, with over 240 occurring in 2026 alone. The group primarily targets internet-facing devices such as VPNs and firewalls for network entry, subsequently encrypting entire networks within hours. Check Point researchers have identified the administrator of The Gentlemen, operating under the nickname Zeta88 on Russian-language cybercrime forums, as the individual previously known by the moniker Hastalamuerte. This administrator is responsible for assembling the ransomware locker and RaaS panel, managing payments, and overseeing the entire operation, receiving the remaining 10 percent of all ransoms. Intel 471, a cyber intelligence firm, has also investigated the identity of Hastalamuerte.
Original source — read the full reporting at the publisher:
Read on Krebs on Security