
Gentlemen RaaS Leak Exposes 10% of 2026's Ransomware Victims

Severity: High (Score: 63.1)

Sources: Kelacyber

Summary

On May 4, 2026, a leak of internal communications from The Gentlemen Ransomware-as-a-Service (RaaS) operation surfaced on underground forums. The leak, which included chats and backend data from November 2025 to April 2026, revealed the group's operational structure and targeting methods. The Gentlemen, active since September 2025, has claimed 328 victims in 2026, accounting for 10% of global ransomware claims. This leak mirrors a previous incident involving Black Basta and highlights the group's use of AI and affiliate models. KELA's data shows a 14.5% increase in ransomware claims compared to 2025, with The Gentlemen rapidly rising in prominence. The leak was initially posted by a user on Exploit.in and later shared on other forums, leading to a ban of the original account. The incident underscores the growing threat posed by emerging ransomware groups.

Key Points

  • The Gentlemen RaaS operation leaked internal communications revealing its structure and tactics.
  • The group has claimed 328 victims in 2026, representing 10% of global ransomware incidents.
  • The leak was first posted on Exploit.in and later shared on multiple forums, leading to account bans.

Key Entities

  • Data Breach (attack_type)
  • Phishing (attack_type)
  • Ransomware (attack_type)
  • Airbus (company)
  • ANSSI (company)
  • ANTS (company)
  • CNIL (company)
  • French Ministry Of Health (company)
  • Brazil (country)
  • France (country)
  • India (country)
  • Japan (country)
  • Pakistan (country)
  • CVE-2023-34039 (cve)
  • CVE-2024-55591 (cve)
  • CVE-2025-32433 (cve)
  • CVE-2025-33073 (cve)
  • 4vps.su (domain)
  • ants.gouv.fr (domain)
  • exploit.in (domain)
  • vast.ai (domain)
  • Government (industry)
  • T1021 - Remote Services (mitre_attack)
  • T1078 - Valid Accounts (mitre_attack)
  • T1543.003 - Windows Service (mitre_attack)
  • T1566 - Phishing (mitre_attack)
  • Element (platform)
  • Fortigate (platform)
  • FortiOS (platform)
  • Mattermost (platform)
  • Outlook Web Access (platform)
  • Tox (tool)
  • Censys (tool)
  • ZeroPulse (tool)
  • Black Basta (ransomware_group)
  • Qilin RaaS (ransomware_group)
  • The Gentlemen (ransomware_group)