thegentlemen
Ransomware group profile
406Victims
RussiaSource country
89Impact score
Also Known As
The Gentlemen Ransomware
the gentlemen
Description
The Gentlemen is a financially motivated ransomware-as-a-service group that emerged in early 2023 and gained significant prominence by 2025. They utilize a double-extortion model, encrypting data while threatening to leak sensitive information, often accelerating pressure tactics without extensive negotiations.
Key insights
- •Targets primarily sectors like healthcare, technology, and construction, avoiding Commonwealth of Independent States entities.
- •Initial access often gained through exploitation of CVE-2024-55591 in FortiOS and FortiProxy devices.
- •Employs advanced tactics including BYOVD attacks for evasion and a pre-ransomware script to disable security measures.
- •Maintains a database of compromised credentials to enhance targeting and operational effectiveness.
- •Demonstrates a preference for rapid data publication to maximize pressure on victims.
Threat Level & Status Breakdown
For thegentlemen · Based on incidents in selected period
4.2threat level
Aggressiveness10/ 10
Lethality0/ 10
Criticality2.4/ 10
Status Breakdown
Negotiating0.5%2
Claimed77.3%314
First seenJun 2025
Last seenMay 2026
Avg ransom—
Payment rate—
Statusactive
Sophistication0
Last updatedJun 2, 2026
Recent activity
Monthly attack count for thegentlemen in the selected period
406Total attacks
98peak in Apr
33.8avg / month
↑ 68 vs first month
Intelligence
IOCs, YARA/Sigma rules, and related families for thegentlemen
- 7e366683f1d175278feefaaa35d87e87076931974506b9f373a775a428c28f10
TTPs & Attack Vectors
Tools, initial access, and MITRE ATT&CK techniques for thegentlemen
CVE-2025-7771
CVE-2025-33073
CVE-2025-32433
CVE-2024-55591
CVE-2024-37085
CVE-2023-27532
Other
T1486
T1486
T1490
T1490
T1078
T1078
T1068
T1068
T1059
T1059
T1562
T1562
T1021
T1021
T1021.001
T1021.001
T1047
T1047
T1218
T1218
T1550
T1550
T1555
T1555
Victims(200)
| Company | Domain | Country | Industry | Status | Discovered | |
|---|---|---|---|---|---|---|
| Corporacion Prokompra | dnb.com | CL Chile | Professional Services | Unknown | 6 days ago | |
| Heartland Growers | heartlandgrowers.com | US United States | Other | Unknown | 6 days ago | |
| Fonderia Corra | fonderiacorra.com | IT Italy | Manufacturing | Unknown | 6 days ago | |
| Grupo Premier | grupopremier.com.mx | MX Mexico | Retail & E-Commerce | Unknown | 6 days ago | |
| Techmar | zoominfo.com | GB United Kingdom | Technology | Unknown | 6 days ago | |
| Mayelia Automotive | mayelia.com | MX Mexico | Manufacturing | Unknown | 6 days ago | |
| Openmind Networks | openmindnetworks.com | IE Ireland | Technology | Unknown | 11 days ago | |
| Koa Glass | koaglass.co.jp | JP Japan | Manufacturing | Unknown | 11 days ago | |
| ACAM Systemautomation | acam.at | AT Austria | Manufacturing | Unknown | 11 days ago | |
| TRANSSYSTEM Group | transsystem.pl | PL Poland | Transportation | Unknown | 11 days ago | |
| Caka Grup Lojistik | cakagrup.com | TR Turkey | Transportation | Unknown | 11 days ago | |
| Hussey Seatway | husseyseatway.com | GB United Kingdom | Transportation | Unknown | 11 days ago | |
| Sanatorio Delta | sanatoriodelta.com | AR Argentina | Healthcare | Unknown | 11 days ago | |
| Le Perreux sur Marne | leperreux94.fr | FR France | Government & Defense | Unknown | 11 days ago | |
| Seeley Office Systems | seeleyoffice.com | AU Australia | Professional Services | Unknown | 11 days ago | |
| YMCA of Columbia | columbiaymca.org | US United States | Retail & E-Commerce | Unknown | 13 days ago | |
| Grupo Pasquel | grupopasquel.com | EC Ecuador | Other | Unknown | 13 days ago | |
| University of Finance and Administration | vsfs.cz | CZ Czech Republic | Education | Unknown | 16 days ago | |
| Modern Display | moderndisplay.com | US United States | Manufacturing | Unknown | 16 days ago | |
| DEVO-Tech | devo-tech.ch | CH Switzerland | Technology | Unknown | 16 days ago |
Page 1 of 10
Affected countries(75)
Countries where this group has been reported to target or leak victims.
🇦🇪United Arab Emirates🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇪Belgium🇧🇷Brazil🇨🇦Canada🇨🇭SwitzerlandCôte d'Ivoire🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇿Algeria🇪🇨Ecuador🇪🇬Egypt🇪🇸Spain🇫🇯Fiji🇫🇷France🇬🇧United Kingdom🇬🇭Ghana🇬🇲GambiaGuadeloupe🇬🇷Greece🇭🇰Hong Kong🇭🇳Honduras🇮🇩Indonesia🇮🇪Ireland🇮🇱Israel🇮🇳India🇮🇶Iraq🇮🇸Iceland🇮🇹Italy🇯🇲Jamaica🇯🇴Jordan🇯🇵Japan🇰🇪Kenya🇰🇼Kuwait🇱🇧Lebanon🇱🇨Saint Lucia🇲🇦Morocco🇲🇹Malta🇲🇽Mexico🇲🇾Malaysia🇳🇬Nigeria🇳🇱Netherlands🇳🇵Nepal🇳🇿New Zealand🇴🇲Oman🇵🇦Panama🇵🇪Peru🇵🇭Philippines🇵🇰Pakistan🇵🇱PolandPuerto Rico🇵🇹Portugal🇵🇾Paraguay🇶🇦Qatar🇷🇴Romania🇸🇦Saudi Arabia🇸🇨Seychelles🇸🇪Sweden🇸🇬Singapore🇸🇳Senegal🇹🇭Thailand🇹🇳Tunisia🇹🇷TurkeyTaiwan, Province of China🇺🇸United States🇺🇾UruguayVenezuela, Bolivarian Republic of🇻🇳Vietnam🇿🇦South Africa