A relatively new ransomware outfit known as “The Gentlemen” has rapidly become one of the most dangerous cybercriminal organizations operating today, accounting for roughly 10% of recorded ransomware attacks and ranking just behind some of the most notorious extortion networks in the world. Emerging in mid-2025, the group has demonstrated a level of sophistication normally associated with long-established cybercrime syndicates, using advanced encryption methods, stealth proxy infrastructure, stolen credentials, lateral-movement malware, and an aggressive ransomware-as-a-service business model that attracts affiliates with unusually generous profit-sharing arrangements. Security researchers warn that The Gentlemen’s rapid growth reflects a troubling evolution in cybercrime, where ransomware operations increasingly resemble mature business enterprises capable of scaling attacks across industries, governments, healthcare providers, manufacturers, and technology firms at unprecedented speed.
Key Takeaways
- The Gentlemen has evolved from an emerging ransomware group into one of the world’s most active cyber-extortion operations in less than a year, highlighting how quickly modern criminal networks can scale.
- The group combines sophisticated encryption, proxy malware, stolen credentials, and ransomware-as-a-service infrastructure, allowing affiliates to conduct attacks faster and with greater stealth than many legacy ransomware organizations.
- The rise of The Gentlemen underscores a broader cybersecurity reality: ransomware is no longer the work of isolated hackers but increasingly resembles a professionalized criminal industry operating across international networks.
In-Depth
The emergence of The Gentlemen should serve as a warning to governments, corporations, and critical infrastructure operators that cybercrime has entered a new phase. What once consisted of loosely organized hackers has evolved into highly structured criminal enterprises that operate with business models, recruiting systems, profit-sharing agreements, and technical support networks rivaling those of legitimate companies. The Gentlemen’s rapid ascent from obscurity to accounting for approximately one-tenth of global ransomware activity demonstrates just how effective that model has become.
Perhaps most troubling is the speed at which the organization has expanded. Researchers describe a group capable of infiltrating networks, moving laterally, disabling defenses, and encrypting systems with remarkable efficiency. Their use of stolen credentials, proxy malware, and sophisticated encryption techniques dramatically reduces the amount of time defenders have to detect and stop an attack before catastrophic damage occurs.
The broader lesson is that years of soft cybersecurity policies, fragmented corporate defenses, and a lack of meaningful international consequences for cybercriminal safe havens have created an environment where ransomware organizations can flourish. While businesses bear responsibility for securing their networks, governments also face growing pressure to treat ransomware not merely as criminal activity but as a national security threat. As groups like The Gentlemen continue to industrialize cyber extortion, the costs will ultimately be borne by consumers, employees, taxpayers, and institutions that increasingly depend on vulnerable digital infrastructure.

