Find notable cyber news and cases, enriched with sources, timelines, and signals.

Gentlemen ransomware operation using compromised credentials and exposed services

Malware Activity
First reported
Last updated
Happening score
H score 18
2 unique sources, 2 articles

Summary

Hide ▲

Gentlemen ransomware is actively extorting victims by using compromised credentials and Internet-exposed services to enter networks. It encrypts files, drops README-GENTLEMEN.txt notes, and appends the .7mtzhh extension. Its Tor data leak site has expanded to nearly four dozen victims, showing ongoing criminal reach.

Related Happenings

The Gentlemen ransomware group’s 90/10 RaaS model and rapid victim growth

Threat Actor Meta
H score26 First: 10.06.2026 17:03 Last: 10.06.2026 17:03 Sources 1

How related: A cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims.

About this happening: **The Gentlemen** ransomware group has become a high-volume **RaaS** operation, using a **90/10 affiliate split** to attract operators and expand its reach. The group now ranks as...

Gentlemen ransomware affiliate campaign expanding toolkit and infrastructure

Campaign
H score53 First: 20.04.2026 23:02 Last: 20.04.2026 23:02 Sources 1

How related: The Gentlemen ransomware operation surfaced in August and is known for using compromised credentials and targeting Internet-exposed services to gain initial access to victims' networks.

About this happening: The **Gentlemen ransomware** campaign has now been tied to a **ransomware attack on Oltenia Energy Complex** on the **second day of Christmas**, disrupting **ERP systems**, **docu...

TeamPCP and Vect partner to turn supply-chain compromises into ransomware follow-on campaigns

Threat Actor Meta
H score11 First: 31.03.2026 15:15 Last: 31.03.2026 15:15 Sources 1

About this happening: TeamPCP and **Vect ransomware group** are linking **supply-chain compromises** to **follow-on ransomware campaigns**, broadening extortion risk for affected organizations. The shi...

Aleksey Olegovich Volkov sentenced in Yanluowang ransomware case

Law Enforcement
H score35 First: 24.03.2026 15:06 Last: 24.03.2026 15:06 Sources 1

About this happening: The **Justice Department** said **Aleksey Olegovich Volkov** was **sentenced to 81 months** in prison for serving as an **initial access broker** in **Yanluowang ransomware** atta...

The Gentlemen RaaS split exposed by hastalamuerte

Threat Actor Meta
H score25 First: 19.03.2026 18:00 Last: 19.03.2026 18:00 Sources 1

About this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...

Timeline

  1. 29.12.2025 16:26 3 articles · 6mo ago

    Gentlemen ransomware operation using compromised credentials and exposed services

    Initial Disclosure

    At emergence in **August**, the operation focused on breaking into networks through **compromised credentials** and **Internet-exposed services**. Early activity centered on encrypting documents and using **README-GENTLEMEN.txt** ransom notes.

    Show sources