Infostealers, AI, and a 90% Affiliate Cut Fuel The Gentlemen group’s Rise

https://securityaffairs.com/193622/uncategorized/infostealers-ai-and-a-90-affiliate-cut-fuel-the-gentlemen-groups-rise.html

Publish Date: 2026-06-15 02:58:21

Source Domain: securityaffairs.com

The ransomware group The Gentlemen has distinguished itself by leveraging infostealers, AI tools, and a highly lucrative affiliate model that offered affiliates 90% of collected ransoms. From September 2025 to June 2026, the group listed 483 victims across 66 countries, making it the second most prolific ransomware group behind Qilin. A leak of its chat logs revealed a core team that relied on AI-assisted methods and on obtaining stolen credentials rather than developing bespoke malware. This strategy allowed the group to target countries beyond the usual ransomware hunting grounds, prioritizing Latin America and select European countries. For initial access, it exploited FortiOS vulnerabilities and compromised Active Directory environments rather than relying on encryption. Its use of AI, phishing, and real-time extortion signifies a modern approach to cybercrime that calls for robust countermeasures such as rapid patching and strong session management.

Key Points:
– The Gentlemen used infostealers and AI to target 483 victims in 66 countries in less than a year.
– Their success was fueled by aggressive affiliate partnerships offering high ransom shares.
– The group prioritized regions outside the U.S., favoring utilities over large manufacturers because they were expected to pay faster.
– Their main sector of focus was manufacturing, followed by technology, business services, and healthcare.
– Defense against The Gentlemen requires prompt patching of vulnerabilities, strong session management, and robust network segmentation.
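The "strong session management" recommendation above is aimed at the infostealer side of the tradecraft: a harvested cookie or token is only worth as much as the session it unlocks. The following Python sketch is an added example, not code from the article or from any vendor, and every name, parameter and sample value in it is hypothetical. It shows a session store that enforces an idle timeout, an absolute lifetime, and binding of each session to a client fingerprint, so that a token replayed from a different client (the way an exfiltrated cookie would be) is rejected, revoked, and logged for the SOC.

```python
"""Session-management hardening against replay of stolen session tokens.

Added example (not from the article). Three controls are demonstrated:
  1. idle timeout      - unused sessions die quickly
  2. absolute lifetime - even an active session is re-authenticated eventually
  3. fingerprint bind  - a token presented from a different client is
                         rejected, the session is revoked, and an event is
                         recorded for detection.
All constants, names and sample values below are hypothetical.
"""
import hashlib
import hmac
import secrets
import time
from dataclasses import dataclass

IDLE_TIMEOUT_S = 15 * 60          # hypothetical policy values
ABSOLUTE_LIFETIME_S = 8 * 60 * 60


@dataclass
class Session:
    user: str
    fingerprint: str
    created: float
    last_seen: float
    revoked: bool = False
    reason: str = ""


def client_fingerprint(ip_prefix: str, user_agent: str) -> str:
    """Coarse client binding: network prefix plus User-Agent, hashed."""
    return hashlib.sha256(f"{ip_prefix}|{user_agent}".encode()).hexdigest()


class SessionStore:
    def __init__(self, clock=time.time):
        self._clock = clock                 # injectable for deterministic tests
        self._sessions: dict[str, Session] = {}
        self.events: list[str] = []         # revocation log for the SOC

    def create(self, user: str, fingerprint: str) -> str:
        token = secrets.token_urlsafe(32)   # 256-bit random, unguessable
        now = self._clock()
        self._sessions[token] = Session(user, fingerprint, now, now)
        return token

    def validate(self, token: str, fingerprint: str) -> tuple[bool, str]:
        """Return (accepted, reason). Any failure other than an unknown
        token revokes the session so a replayed token cannot be retried."""
        s = self._sessions.get(token)
        if s is None:
            return False, "unknown-token"
        if s.revoked:
            return False, "revoked"
        now = self._clock()
        if now - s.created > ABSOLUTE_LIFETIME_S:
            return self._revoke(s, "absolute-lifetime")
        if now - s.last_seen > IDLE_TIMEOUT_S:
            return self._revoke(s, "idle-timeout")
        # constant-time compare of the stored and presented fingerprints
        if not hmac.compare_digest(s.fingerprint, fingerprint):
            return self._revoke(s, "fingerprint-mismatch")
        s.last_seen = now
        return True, "ok"

    def _revoke(self, s: Session, reason: str) -> tuple[bool, str]:
        s.revoked, s.reason = True, reason
        self.events.append(f"revoked session for {s.user}: {reason}")
        return False, reason


class FakeClock:
    """Deterministic clock so the scenario below is reproducible."""
    def __init__(self, start: float = 1_700_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


def run_scenario() -> dict:
    """Constructed scenario: a legitimate client, a replayed token from a
    different client, an idle session, and a long-lived active session."""
    clock = FakeClock()
    store = SessionStore(clock=clock)
    victim_fp = client_fingerprint("203.0.113.0/24", "Mozilla/5.0 (Windows NT 10.0)")
    other_fp = client_fingerprint("198.51.100.0/24", "python-requests/2.31")
    out = {}

    token = store.create("alice", victim_fp)
    clock.advance(60)
    out["legit"] = store.validate(token, victim_fp)       # accepted
    clock.advance(60)
    out["replay"] = store.validate(token, other_fp)       # rejected + revoked
    out["after_replay"] = store.validate(token, victim_fp)  # owner is locked out too

    idle_token = store.create("bob", victim_fp)
    clock.advance(IDLE_TIMEOUT_S + 1)
    out["idle"] = store.validate(idle_token, victim_fp)

    active_token = store.create("carol", victim_fp)
    result = (True, "ok")
    for _ in range(ABSOLUTE_LIFETIME_S // 600 + 1):     # touch every 10 min
        clock.advance(600)
        result = store.validate(active_token, victim_fp)
        if not result[0]:
            break
    out["absolute"] = result
    out["events"] = list(store.events)
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Binding on network prefix and User-Agent is deliberately coarse; roaming mobile users will trip it, so production systems often respond to a mismatch with step-up authentication rather than a hard revoke. The point that carries over regardless is that a session token lifted by an infostealer should neither live indefinitely nor be usable from an arbitrary client, and that each rejection should produce an event a detection team can act on.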