Who Runs the Ransomware Group ‘The Gentlemen?’ – Krebs on Security

https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/

Publish Date: 2026-06-10 10:55:26

Source Domain: krebsonsecurity.com

Summary:
The cybercrime group known as The Gentlemen has become the second most active ransomware gang by victim count, employing aggressive recruitment tactics to poach hackers from other programs by offering an unusually high 90 percent share of ransom payments. Security firm Check Point Software has identified Hastalamuerte, operating under the nickname Zeta88, as its primary administrator, a figure who not only controls the RaaS platform and manages payments but also develops malware. Intel 471 identified multiple online personas tied to Izhevsk-based Russian citizen Alexander Yapaev, corroborated by accounts linked to government and social media databases. The investigation points to Yapaev’s early lack of operational security, which contributed to his identification. The threat research group PRODAFT also corroborated these findings, revealing further operational details aligned with Hastalamuerte/Yapaev as the administrator.

Key Points:

  • The Gentlemen ransomware group is highly successful: it is the second most active by victim count and employs aggressive recruitment strategies.
  • The group’s administrator, Hastalamuerte/Zeta88, is identified as Russian national Alexander Yapaev, based on multiple correlating online and government records.
  • Yapaev’s failure to safeguard his online identity led to his identification as part of The Gentlemen’s inner operations, including ransomware development and payment management.
  • The investigation underscores how operational security mistakes in early criminal careers often provide clear clues about an individual’s identity.
  • PRODAFT’s detailed analysis corroborates the Zeta88/Hastalamuerte persona as the administrator, focusing on his direct involvement in affiliate access, ransomware development using AI, and post-exploitation activities.