Investigating the Identity Behind the Ransomware Group 'The Gentlemen'
By Bender
Summary
A cybercrime group called The Gentlemen has become the second most active ransomware gang by victim count, using an aggressive recruitment strategy that offers affiliates 90% of ransom payments. The article investigates clues pointing to the real identity of the group's administrator, known as Hastalamuerte, who has been active on Breachforums. Security firm Check Point Software has been tracking the group's activities.
Key quotes
A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims.
This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.
A graphic created and shared by The Gentlemen ransomware group administrator Hastalamuerte on Breachforums in May 2026.