ONE of the world’s most prolific ransomware operations has itself been breached, offering unique insight into its inner workings. In the first five months of 2026, the Russian cybercriminal gang that calls itself The Gentlemen has published sensitive data belonging to around 332 organisations, according to Check Point Research, making it the second most productive ransomware group on the planet this year, just short of Qilin.
On or before 4 May 2026, an anonymous group compromised its internal back-end database and is now selling just over 16GB of The Gentlemen’s internal communications, tooling and other data for $10,000 in Bitcoin, while 44MB of stolen data leaked to prove the breach has attracted interest. The group’s operational structure is driven by a head administrator known as zeta88, who builds and maintains the locker malware, with two aides, qbit and quant, handling scanning, reconnaissance and access.
The Gentlemen also relies on about seven junior members, including red teamers, an access broker, and an advertising specialist, and reportedly operates a generous 90/10 payout split in favour of the other contributors. Smadja argues the leak reveals no secret formula or unique technical advantage, but notes the breach could still influence other affiliates to spin up their own RaaS operations.