
‘The Gentlemen’ Rapidly Rises to Ransomware Prominence

April 22, 2026 – Published on Dark Reading

A ransomware gang known as “The Gentlemen” has made a name for itself, claiming hundreds of victims in a matter of months.

The Gentlemen is a ransomware-as-a-service (RaaS) outfit that first popped up in mid-2025. While it operates fairly typical double extortion attacks (using both encryption and data leaking as extortion levers), The Gentlemen is known for sophisticated tactics, techniques, and procedures (TTPs), such as antivirus killers and complex infection chains.

While The Gentlemen is largely sophisticated in its ability to compromise large organizations, Jason Baker, managing security consultant of threat intelligence at GuidePoint Security, says there are some hallmarks of a ransomware organization with staying power that The Gentlemen is currently missing.

“The Gentlemen’s affiliates or negotiators continue to engage with victims over qTox or Session applications rather than a dedicated chat site, and their presence on Twitter/X is the kind of behavior we typically ascribe to less mature operators as an unnecessary OPSEC risk,” he says. “Some excellent reporting from Check Point also suggests that in at least some cases, the group’s affiliates continue to use Cobalt Strike, an offensive security tool that we have seen largely fade into irrelevance over the past one to two years as detection mechanisms have become widely available.”

While it does have some hallmarks of a mainstay, such as continued quarterly growth, Baker adds that a rapid fall from prominence is always possible, whether because of law enforcement disruption, infighting, or external conflicts with other cybercrime outfits.
