Who Runs the Ransomware Group 'The Gentlemen'?

Who Runs the Ransomware Group ‘The Gentlemen’? 🚀

A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90% of any ransom paid by victims. Experts at the security firm Check Point Software have been closely covering exploits of The Gentlemen, a so-called “ransomware-as-a-service” (RaaS) offering that pays affiliates handsomely to help spread the group’s malware.

Key Insights:

• A 90/10 affiliate revenue split – compared to the industry standard 80/20 – is accelerating the group’s growth by attracting experienced operators from competing programs.
• Check Point found The Gentlemen are the second most active ransomware group by victim count so far this year, claiming at least 332 published victims since the group’s inception in mid-2025 and more than 240 in 2026 alone.
• The group targets Internet-facing devices (VPNs, firewalls) as their entry point, and once inside, moves quickly to encrypt entire networks within hours.

Leadership:

Check Point says the administrator and primary operator of the ransomware group uses the nickname Zeta88 on Russian-language cybercrime forums, and that this individual was previously known under the moniker Hastalamuerte. This person is responsible for assembling the locker and RaaS panel, managing payments, and essentially administering the entire program, receiving 10% of all ransoms.

Background:

Intel 471 shows that the user Hastalamuerte is a Russian and English-speaking person who registered on almost a dozen cybercrime forums between 2019 and the present day, including Exploit, Breachforums, Ramp_V2, BHF, Raidforums, and Nulled.

To read the complete article see: Read full article