Ransomware Groups The Gentlemen and Gunra Intensify RaaS Operations in 2026
Severity: High (Score: 66.5)
Sources: Cybersecuritynews
Summary
The Gentlemen, a ransomware-as-a-service (RaaS) group, has emerged as a significant threat since its inception in mid-2025, with 332 reported victims in the first five months of 2026. They leverage Fortinet and Cisco edge devices for initial access. Similarly, Gunra ransomware, which transitioned from the Conti group, has expanded its operations, targeting numerous organizations and employing a business-like model that includes selling access and leaking stolen files. Both groups represent a growing concern in the cybersecurity landscape, with their operations indicating a shift towards more organized and sophisticated cybercrime. The current status of these threats is active, with ongoing attacks and recruitment efforts by both groups.
Key Points
- The Gentlemen RaaS has claimed 332 victims in 2026 alone, highlighting its rapid growth.
- Gunra ransomware has expanded its operations, adopting a business-like model for cybercrime.
- Both groups utilize advanced tactics, including exploiting edge devices from major vendors.
Key Entities
- Ransomware (attack_type)
- T1041 - Exfiltration Over C2 Channel (mitre_attack)
- Cisco (company)
- Fortinet (company)
- Conti (ransomware_group)
- Gunra (ransomware_group)
- The Gentlemen (ransomware_group)