ACCORDING to Check Point Research, on 4 May 2026 The Gentlemen RaaS administrator acknowledged the leak of an internal Rocket backend database, which exposed operational details about infrastructure, affiliates and victims. The published material includes chats and data showing 9 accounts and 8 unique TOX IDs linked to the operation, with the administrator often identified as zeta88/hastalamuerte who runs the panel, locker and payouts.
Public victim counts listed on the data leak site show approximately 332 victims in the first five months of 2026, making The Gentlemen one of the most active RaaS programmes in that period. The leak also reveals ransom negotiations, including a 190,000 USD payout after an initial anchor of 250,000 USD, and details of a UK software consultancy breach used to pressure a Turkish company.
Affiliates share profits on a 90% to affiliates and 10% to the operator basis, and the group tracks CVEs such as CVE-2024-55591, CVE-2025-32433 and CVE-2025-33073 as part of their exploit planning.