The rapid ascent of The Gentlemen ransomware group to become the second most active ransomware operation has raised serious concerns across the cybersecurity landscape. This emerging threat has distinguished itself through a remarkably aggressive recruitment strategy that promises affiliates 90 percent of ransom payments, significantly higher than the industry standard 80/20 split. According to researchers at Check Point Software, this approach has successfully attracted experienced operators from competing programs, accelerating the group's growth and impact.
Since emerging in mid-2025, The Gentlemen has claimed at least 332 published victims, with more than 240 attacks occurring just this year. Their methodology demonstrates both efficiency and sophistication, targeting Internet-facing devices such as VPNs and firewalls as initial entry points before rapidly moving laterally through networks to complete encryption within hours. This swift operational tempo gives security teams minimal response windows, increasing the likelihood of successful ransom demands.