Ransomware group The Gentlemen linked to Russian national

Krebs on Security reports that the rapidly growing ransomware-as-a-service operation known as The Gentlemen has been linked to a Russian national identified as Alexander Andreevich Yapaev. The group has quickly become the second most active ransomware gang by victim count, largely due to an aggressive affiliate recruitment strategy offering a 90% revenue share.

The Gentlemen ransomware group, as analyzed by Check Point Software, operates on a ransomware-as-a-service model, attracting skilled hackers with an unusually high 90/10 affiliate revenue split. This strategy has propelled them to become the second most active ransomware gang, with at least 332 published victims since mid-2025. The group targets internet-facing devices like VPNs and firewalls for initial access, rapidly encrypting entire networks within hours.

Investigations by Check Point and Intel 471 suggest the administrator, known online as Zeta88 and previously Hastalamuerte, is likely Alexander Andreevich Yapaev, a 36-year-old from Izhevsk, Russia. Evidence includes linked email addresses, phone numbers, and social media profiles, with Yapaev also listing a professional role as head of B2B marketing at Uralenergo Udmurtia. The article notes that Russian cybercriminals often operate with relative impunity due to government non-interference, provided they do not target domestic entities, and many exhibit a lack of stringent operational security, especially early in their careers.

Source: Krebs on Security