Ransomware

Ransomware group ‘The Gentlemen’ suffers internal breach, exposing operations

(Adobe Stock)

As reported by HackRead, the ransomware group known as The Gentlemen experienced a significant breach of its internal systems in May 2026, offering researchers an unprecedented look into the operational mechanics of a cybercriminal organization that had previously operated with a high degree of perceived anonymity.

Researchers at Check Point Research (CPR) gained visibility into The Gentlemen's backend infrastructure, affiliate activities, and victim management tools after the group's own systems were compromised. The leaked data, including internal chats and databases, revealed discussions among affiliates about attack methods, credential abuse, and the use of EDR-killer tools.

The Gentlemen, which emerged in 2025, operates on a ransomware-as-a-service model, reportedly offering affiliates a 90% revenue share. Their attacks focus on internet-facing systems, disabling security tools, and encrypting Windows, Linux, NAS, and ESXi environments. The breach also indicated a victim count exceeding 1,570, significantly higher than publicly displayed numbers. Despite this internal security failure, The Gentlemen has reportedly partnered with a new version of BreachForums, indicating continued operational activity.

Source: HackRead

An In-Depth Guide to Ransomware

Get essential knowledge and practical strategies to protect your organization from ransomware attacks.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds