Check Point Research Publishes Findings Based on Leaked Internal Data from The Gentlemen Ransomware Group
NQ Score
85/100
AI analysis data is not yet available.
Frequently Asked Questions
- Q: What ransomware group did Check Point Research investigate, and how many victims were publicly disclosed in 2026?
- A: The investigation focused on The Gentlemen ransomware-as-a-service group, which had more than 400 publicly disclosed victims in 2026.
- Q: Who is the administrator of The Gentlemen ransomware group, and what previous ransomware affiliation did they have?
- A: The administrator, known as zeta88 or hastalamuerte, was a former affiliate of the Qilin ransomware program before launching The Gentlemen operation.
- Q: Which AI coding assistants and models did The Gentlemen use to develop their ransomware, and how quickly was their management panel built?
- A: They employed AI coding assistants based on Chinese models DeepSeek and Qwen, allowing the administrator to build the entire RaaS management panel in just three days.
- Q: How did the compromise of The Gentlemen’s internal systems in May 2026 become linked to a hosting provider, and what is the name of that provider?
- A: The internal systems were compromised in May 2026, and the breach is believed to be connected to the hosting provider 4VPS, which the group used for its infrastructure.
- Q: What method did The Gentlemen use to gain initial access to victims, and how did they demonstrate a cascading compromise involving customer data?
- A: Their initial access relied almost entirely on unpatched edge devices and purchased credentials, and they used stolen victim data to later attack that victim’s customers, showing a real‑world cascade of compromise.