Ransomware Intelligence

thegentlemen Ransomware Group

Ransomware group profile

554Victims
RussiaSource country
89Impact score
Also Known As
The Gentlemen Ransomware
the gentlemen

Description

The Gentlemen is a financially motivated ransomware-as-a-service group that emerged in early 2023 and gained significant prominence by 2025. They utilize a double-extortion model, encrypting data while threatening to leak sensitive information, often accelerating pressure tactics without extensive negotiations.

Key insights

  • Targets primarily sectors like healthcare, technology, and construction, avoiding Commonwealth of Independent States entities.
  • Initial access often gained through exploitation of CVE-2024-55591 in FortiOS and FortiProxy devices.
  • Employs advanced tactics including BYOVD attacks for evasion and a pre-ransomware script to disable security measures.
  • Maintains a database of compromised credentials to enhance targeting and operational effectiveness.
  • Demonstrates a preference for rapid data publication to maximize pressure on victims.

Threat Level & Status Breakdown

For thegentlemen · Based on incidents in selected period

4.2threat level
Aggressiveness10/ 10
Lethality0.1/ 10
Criticality2.3/ 10

Status Breakdown

Data Leaked0.5%3
Negotiating0.5%3
Claimed62.8%348
First seenJul 2025
Last seenJul 2026
Avg ransom
Payment rate
Statusactive
Sophistication0
Last updatedJul 14, 2026

Recent activity

Monthly attack count for thegentlemen in the selected period

554Total attacks
119peak in Jun
42.6avg / month
↑ 39 vs first month
JulAugSepOctNovDecJanFebMarAprMayJunJul0306090120

Intelligence

IOCs, YARA/Sigma rules, and related families for thegentlemen

  1. 7e366683f1d175278feefaaa35d87e87076931974506b9f373a775a428c28f10
View full IOC feed16 total

TTPs & Attack Vectors

Tools, initial access, and MITRE ATT&CK techniques for thegentlemen

CVE-2025-7771
CVE-2025-33073
CVE-2025-32433
CVE-2024-55591
CVE-2024-37085
CVE-2023-27532
Other

T1486

T1486

T1490

T1490

T1078

T1078

T1068

T1068

T1059

T1059

T1562

T1562

T1021

T1021

T1021.001

T1021.001

T1047

T1047

T1218

T1218

T1550

T1550

T1555

T1555

Victims(200)

CompanyDomainCountryIndustryStatusDiscovered
Dash Door Glassdashdoor.comUS United StatesManufacturing
Unknown
5 days ago
BDO Greecebdo.grGR GreeceProfessional Services
Unknown
5 days ago
Caritacarita.comFR France
Unknown
5 days ago
Lopes Lawlopeslawllc.comUS United StatesProfessional Services
Negotiating
5 days ago
Gene Codes Forensicsgenecodesforensics.comUS United StatesHealthcare
Unknown
5 days ago
VASBEvasbe.comRU RussiaProfessional Services
Unknown
5 days ago
Welders Supply Equipment Rentalswserentals.comUS United StatesOther
Unknown
5 days ago
Pharma Wholesalepharmawholesale.comUS United StatesHealthcare
Unknown
5 days ago
Martin cavamartincava.comAR ArgentinaRetail & E-Commerce
Claimed
6 days ago
Energonenergon.czCZ Czech RepublicEnergy & Utilities
Claimed
6 days ago
Fortrayfortray.comGB United KingdomProfessional Services
Claimed
6 days ago
Aveiro constructors limitedaveiroltd.comCA CanadaOther
Claimed
6 days ago
Vicenzi groupvicenzi.itIT ItalyManufacturing
Claimed
6 days ago
Open optionsooaccess.comUS United StatesProfessional Services
Claimed
6 days ago
Crossroads medical managementcrossroadsmedicalmgmt.comUS United StatesHealthcare
Claimed
6 days ago
Internet aginet.deDE GermanyTechnology
Claimed
6 days ago
Triquestatriquesta.comSG SingaporeTechnology
Claimed
6 days ago
Ferretería scopazzoferreteriascopazzo.com.arAR ArgentinaRetail & E-Commerce
Claimed
6 days ago
Technical Solutions Grouptsgpc.comUS United StatesProfessional Services
Unknown
8 days ago
Pro-Tech Technologyptt-asia.comSG SingaporeTechnology
Unknown
8 days ago

Page 1 of 10

Affected countries(93)

Countries where this group has been reported to target or leak victims.

🇦🇪United Arab Emirates🇦🇷Argentina🇦🇹Austria🇦🇺Australia🇧🇧Barbados🇧🇩Bangladesh🇧🇪Belgium🇧🇷Brazil🇨🇦Canada🇨🇭SwitzerlandCôte d'Ivoire🇨🇱Chile🇨🇳China🇨🇴Colombia🇨🇿Czech Republic🇩🇪Germany🇩🇰Denmark🇩🇴Dominican Republic🇩🇿Algeria🇪🇨Ecuador🇪🇬Egypt🇪🇸Spain🇫🇯Fiji🇫🇷France🇬🇧United Kingdom🇬🇭Ghana🇬🇲GambiaGuadeloupe🇬🇷Greece🇬🇹Guatemala🇭🇰Hong Kong🇭🇳Honduras🇭🇷Croatia🇭🇹Haiti🇭🇺Hungary🇮🇩Indonesia🇮🇪Ireland🇮🇱Israel🇮🇳India🇮🇶Iraq🇮🇸Iceland🇮🇹Italy🇯🇲Jamaica🇯🇴Jordan🇯🇵Japan🇰🇪KenyaKorea, Republic of🇰🇼KuwaitLao People's Democratic Republic🇱🇧Lebanon🇱🇨Saint Lucia🇱🇺Luxembourg🇲🇦MoroccoMoldova, Republic of🇲🇬Madagascar🇲🇹Malta🇲🇺Mauritius🇲🇽Mexico🇲🇾Malaysia🇳🇬Nigeria🇳🇱Netherlands🇳🇴Norway🇳🇵Nepal🇳🇿New Zealand🇴🇲Oman🇵🇦Panama🇵🇪Peru🇵🇬Papua New Guinea🇵🇭Philippines🇵🇰Pakistan🇵🇱PolandPuerto Rico🇵🇹Portugal🇵🇾Paraguay🇶🇦Qatar🇷🇴RomaniaRussian Federation🇸🇦Saudi Arabia🇸🇨Seychelles🇸🇪Sweden🇸🇬Singapore🇸🇳Senegal🇸🇻El Salvador🇹🇭Thailand🇹🇳Tunisia🇹🇷TurkeyTaiwan, Province of China🇺🇦Ukraine🇺🇸United States🇺🇾UruguayVenezuela, Bolivarian Republic of🇻🇳Vietnam🇿🇦South Africa