{"id":269306,"date":"2026-06-10T10:09:00","date_gmt":"2026-06-10T14:09:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/06\/10\/who-runs-the-ransomware-group-the-gentlemen-krebs-on-security\/"},"modified":"2026-06-10T10:15:33","modified_gmt":"2026-06-10T14:15:33","slug":"who-runs-the-ransomware-group-the-gentlemen-krebs-on-security","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/06\/10\/who-runs-the-ransomware-group-the-gentlemen-krebs-on-security\/","title":{"rendered":"Who Runs the Ransomware Group \u2018The Gentlemen?\u2019 \u2013 Krebs on Security"},"content":{"rendered":"<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/06\/who-runs-the-ransomware-group-the-gentlemen\/\">Who Runs the Ransomware Group \u2018The Gentlemen?\u2019 \u2013 Krebs on Security<\/a><\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/06\/who-runs-the-ransomware-group-the-gentlemen\/\">https:\/\/krebsonsecurity.com\/2026\/06\/who-runs-the-ransomware-group-the-gentlemen\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-10 10:09:00<\/a><\/p>\n<p>Source Domain: <a href=\"krebsonsecurity.com\">krebsonsecurity.com<\/a><\/p>\n<p>A cybercrime group known as <strong>The Gentlemen<\/strong> has emerged as the second most active ransomware gang by victim count, rapidly attracting a talented pool of hackers through an aggressive recruitment strategy that promises affiliates 90 percent of any ransom paid by victims. This post examines clues pointing to a real life identity for the administrator of The Gentlemen ransomware group.<\/p>\n<p id=\"caption-attachment-73785\" class=\"wp-caption-text\">A graphic created and shared by The Gentlemen ransomware group administrator Hastalamuerte on Breachforums in May 2026. Credit: ke-la.com.<\/p>\n<p>Experts at the security firm <strong>Check Point Software<\/strong> have been closely covering exploits of The Gentlemen, a so-called \u201cransomware-as-a-service\u201d (RaaS) offering that pays affiliates handsomely to help spread the group\u2019s malware.<\/p>\n<p>\u201cA 90\/10 affiliate revenue split \u2014 compared to the industry standard 80\/20 \u2014 is accelerating the group\u2019s growth by attracting experienced operators from competing programs,\u201d the researchers wrote in April.<\/p>\n<p>Check Point found The Gentlemen are the second most active ransomware group by victim count so far this year, claiming at least 332 published victims since the group\u2019s inception in mid-2025 and more than 240 in 2026 alone.<\/p>\n<p>According to Check Point, the group targets Internet-facing devices (VPNs, firewalls) as their entry point, and once inside moves quickly to encrypt entire networks within hours.<\/p>\n<p>Check Point says the administrator and primary operator of the ransomware group uses the nickname <strong>Zeta88<\/strong> on the Russian-language cybercrime forums, and that this individual was previously known under the moniker <strong>Hastalamuerte<\/strong>. Check Point noted that a breach of the group\u2019s backend infrastructure made it clear that Hastalamuerte\/Zeta88 is the person who assembles the locker and RaaS panel, manages payments, and is essentially the administrator of the entire program who receives 10 percent of all ransoms.<span id=\"more-73768\"\/><\/p>\n<h2>WHO IS HASTALAMUERTE?<\/h2>\n<p>The cyber intelligence firm <strong>Intel 471<\/strong> shows that the user Hastalamuerte is&#8230;<\/p>\n<p><a href=\"https:\/\/krebsonsecurity.com\/2026\/06\/who-runs-the-ransomware-group-the-gentlemen\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Who Runs the Ransomware Group \u2018The Gentlemen?\u2019 \u2013 Krebs on Security https:\/\/krebsonsecurity.com\/2026\/06\/who-runs-the-ransomware-group-the-gentlemen\/ Publish Date: 2026-06-10&#8230;<\/p>\n","protected":false},"author":1,"featured_media":269307,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/krebsonsecurity.com\/wp-content\/uploads\/2026\/06\/thegentlemen.png","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[30,32],"class_list":["post-269306","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-breach","tag-malware"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269306"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=269306"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269306\/revisions"}],"predecessor-version":[{"id":269308,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/269306\/revisions\/269308"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/269307"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=269306"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=269306"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=269306"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}