Top News

New Delhi: A new ransomware group is quietly climbing the charts, and it is doing it fast. The group is called The Gentlemen. The name sounds polite, but the attacks are anything but.

According to a new report by Check Point Research, the group has already claimed over 320 victims since mid 2025. What really stands out is 240 attacks happening in just the early months of 2026.

The Gentlemen ransomware is growing fast

The report says The Gentlemen is now the second most active ransomware group this year by victim count.

What shocked researchers more was what they found behind the scenes. They accessed a live attacker server and saw a botnet of over 1,570 likely corporate victims.

That means many companies may already be compromised and just waiting for the attack to hit. Scary part is, victims listed publicly are only those who refused to pay.

Why hackers are joining The Gentlemen

Here is where it gets interesting. The Gentlemen did not invent anything new. Ransomware-as-a-Service (RaaS) has existed for a while now; they just made ransomware more profitable.

Most ransomware groups split money 80-20. The Gentlemen are offering 90 per cent to affiliates.

That extra cut is pulling in experienced hackers from other gangs. More hackers means more attacks. Simple math.

How these attacks actually happen

The group mostly looks for weak internet-facing systems. Things like VPNs, firewalls, remote access portals.

Once inside, things move fast. Very fast.

• They gain admin control
• Move across systems
• Disable security tools
• Lock the entire network within hours

In one case, the attacker already had domain-level access before the attack even started.

No limits on targets, even healthcare

Some ransomware groups avoid hospitals. The Gentlemen do not seem to follow that rule.

The report shows healthcare is now among the top three targets.

That is worrying. These attacks can hit critical systems and real lives.