databreaches.net 5/11/2026, 10:01:47 PM · via preferred

Gentlemen Ransomware Group leaks internal chats after breach

Developing story incident 2 articles tracked
Gentlemen RaaS internal database leak exposes member accounts and chats
CyberSIXT Evidence Panel Source marked as original reporting
Threat Actor

THE Gentlemen Ransomware Group, which surfaced as a ransomware-as-a-service operation in mid-2025, became the subject of a data breach exposing internal correspondence across the internet. Hints of the breach first surfaced on 4 May 2025 when a post to Breached claimed stolen data was for sale for $10,000 in bitcoin, with samples available on request, according to Bank InfoSecurity. The same user subsequently linked to MediaFire to allow free download of the seized data.

The group acknowledged that part of their infrastructure was hosted on 4VPS and that attackers obtained NAS credentials, though they claim weeks of exfiltration attempts failed because the intruders lacked the necessary IP. They said control panels and lockers were never accessed and announced a communications overhaul, a new NAS with effectively unlimited storage scheduled to go online on Victory Day, and locker infrastructure upgrades. If the leaked data are verified, that might raise doubts about the accuracy of their assurances.

View full article

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline