thegentlemen

Known ransomware group ACTIVE

Active · high-tempo

The Gentlemen is a RaaS group that emerged in July–August 2025, rapidly claiming over 320 victims across 17+ countries by offering affiliates a 90% revenue share, deploying a Go-based locker against Windows, Linux, NAS, and BSD systems; a compromised C2 server in 2026 revealed more than 1,570 linked victims.

Total Claims

Critical

—

Records Claimed

Industries Hit

Active span: Apr 26, 2026 – Jun 8, 2026 · 21 organizations targeted

Active · high-tempo

Actor Threat Profile

Activity Timeline

Peak: May 2026 (11)

Apr 2026

LessMore

Jun 2026

Share this profile

Top Targeted Industries

Healthcare 9

Financial Services 4

Education 2

Consumer Services 2

Energy 1

Technology 1

Tradecraft & Infrastructure

Documented tools

12 / 56

MITRE tactics / techniques

Known leak sites

CredentialTheftDefenseEvasionDiscoveryEnumExfiltrationNetworkingOffsecRMM-Tools

Full intelligence profile on ransomware.live →

thegentlemen

Activity Timeline

Share this profile

Top Targeted Industries

Tradecraft & Infrastructure

Targeted Organizations

Claims by thegentlemen

Ransomware Claim: Central Arkansas Pediatrics

Ransomware Claim: The Clinic

Ransomware Claim: WCM Remedium

Ransomware Claim: Institucion Cervantes

Ransomware Claim: Suburban Water

Ransomware Claim: Downriver Medical Associates

Ransomware Claim: Edgewood Surgical Hospital

Ransomware Claim: Michigan Surgical Center

Ransomware Claim: Brian Jessel BMW

Ransomware Claim: Sanatorio Delta

Ransomware Claim: Le Perreux sur Marne

Ransomware Claim: YMCA of Columbia

Ransomware Claim: Internal Medicine

Ransomware Claim: Internet Technologies Designs

Ransomware Claim: University of Finance and Administration

Ransomware Claim: Ross Yerger Insurance

Ransomware Claim: Amstel Securities

Ransomware Claim: Shajarpak Securities

Ransomware Claim: Value Exchange International

Ransomware Claim: DermaPharm

Ransomware Claim: EEC Group

Never Miss a Critical Alert