THE Gentlemen Ransomware Group, which surfaced as a ransomware-as-a-service operation in mid-2025, became the subject of a data breach exposing internal correspondence across the internet. Hints of the breach first surfaced on 4 May 2025 when a post to Breached claimed stolen data was for sale for $10,000 in bitcoin, with samples available on request, according to Bank InfoSecurity. The same user subsequently linked to MediaFire to allow free download of the seized data.
The group acknowledged that part of their infrastructure was hosted on 4VPS and that attackers obtained NAS credentials, though they claim weeks of exfiltration attempts failed because the intruders lacked the necessary IP. They said control panels and lockers were never accessed and announced a communications overhaul, a new NAS with effectively unlimited storage scheduled to go online on Victory Day, and locker infrastructure upgrades. If the leaked data are verified, that might raise doubts about the accuracy of their assurances.