The article describes an internal breach of the ransomware-as-a-service group 'The Gentlemen,' exposing their backend infrastructure, affiliate operations, and victim management tools. The group's methods include targeting internet-facing systems, abusing credentials, and deploying EDR-killer tools to encrypt Windows, Linux, NAS, and ESXi environments. No specific vulnerability, CVSS score, affected software versions, patches, or workarounds for defensive IT systems are provided in the source material.
Ransomware Ransomware group ‘The Gentlemen’ suffers internal breach, exposing operations May 18, 2026 Share By SC Staff (Adobe Stock) As reported by HackRead, the ransomware group known as The Gentlemen experienced a significant breach of its internal systems in May 2026, offering researchers an unprecedented look into the operational mechanics of a cybercriminal organization that had previously operated with a high degree of perceived anonymity. Researchers at Check Point Research (CPR) gained visibility into The Gentlemen's backend infrastructure, affiliate activities, and victim management tools after the group's own systems were compromised. The leaked data, including internal chats and databases, revealed discussions among affiliates about attack methods, credential abuse, and the use of EDR-killer tools. The Gentlemen, which emerged in 2025, operates on a ransomware-as-a-service model, reportedly offering affiliates a 90% revenue share. Their attacks focus on internet-facing systems, disabling security tools, and encrypting Windows, Linux, NAS, and ESXi environments. The breach also indicated a victim count exceeding 1,570, significantly higher than publicly displayed numbers. Despite this internal security failure, The Gentlemen has reportedly partnered with a new version of BreachForums, indicating continued operational activity. Source: HackRead An In-Depth Guide to Ransomware Get essential knowledge and practical strategies to protect your organization from ransomware attacks. Learn More SC Staff Related Phishing Tycoon2FA phishing kit evolves with device-code attacks on Microsoft 365 SC Staff May 18, 2026 The Tycoon2FA phishing kit has adapted to leverage OAuth 2.0 device authorization grant flows, enabling it to compromise Microsoft 365 accounts. Breach Grafana Labs discloses GitHub environment breach, source code downloaded SC Staff May 18, 2026 The breach occurred after a threat actor obtained a compromised token. Phishing Consumers face increasing online scams, as AI fuels sophisticated attacks SC Staff May 18, 2026 F-Secure's Scam Intelligence & Impacts Report reveals that 56% of consumers faced monthly scam attempts in 2025. Related Events Cybercast Ransomware reloaded: Finding resilience when attackers wield AI On-Demand Event Virtual Conference Ransomware Resilience: Strategies to Defend, Mitigate, and Recover On-Demand Event Get daily email updates SC Media's daily must-read of the most current and pressing daily news Business Email By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy . Subscribe You can skip this ad in 5 seconds