Unmasking the Mastermind Behind The Gentlemen Ransomware Gang

June 12, 2026 Lisa Park Tech
Original source: krebsonsecurity.com

The cybercrime group known as The Gentlemen has emerged as the second most active ransomware gang by victim count, with experts attributing its rapid growth to a 90/10 affiliate revenue split that outpaces the industry-standard 80/20 model. Check Point Software, a cybersecurity firm, confirmed the group’s rise, noting it has targeted at least 332 victims since its inception in mid-2025 and 240 in 2026 alone. The group’s administrator, identified through cyberintelligence research as a Russian individual linked to multiple online personas, has drawn scrutiny for connecting a sophisticated ransomware-as-a-service (RaaS) operation to real-world identities.

Who is Hastalamuerte?
The administrator of The Gentlemen, known online as Hastalamuerte, has been traced to Izhevsk, the capital of Russia’s Udmurt Republic, through digital footprints spanning cybercrime forums and encrypted messaging platforms. Intel 471, a cyberintelligence firm, found Hastalamuerte registered on Breachforums in January 2025 from an IP address in Izhevsk, while another alias, Zeta88, appeared on the English-language forum Breached in 2022 from a different address in the same city.

Hastalamuerte’s digital presence includes a Protonmail account, hastalamuerte1488@protonmail.com, linked to a GitHub profile under the username SantaMuerte. This account, though private, shows activity in developing malware tools. The same email was used to register a Telegram handle, @hastalamuerte18, which was assigned the unique ID 30907522, according to threat intelligence company Flashpoint.

Constella Intelligence, a breach tracking service, connected Hastalamuerte’s Telegram ID to the username “bu4vs” and a Russian phone number, 79127650004. Pivoting on this number revealed records in hacked Russian government databases pointing to Alexander Andreevich Yapaev, a 36-year-old from Izhevsk. Yapaev’s email address, bu4vs@mail.ru, was also linked to a LinkedIn profile listing him as the head of B2B marketing at Uralenergo Udmurtia, a Russian electrotechnical company.

Check Point Software confirmed that Hastalamuerte/Zeta88 serves as the administrator of The Gentlemen, managing the group’s ransomware distribution panel and receiving 10% of all ransoms. The firm noted that a breach of the group’s backend infrastructure in 2026 exposed this role, revealing the individual’s central involvement in operations.

The Evolution of a Cybercriminal Identity
Hastalamuerte’s online history suggests a gradual progression from novice hacker to organized cybercriminal. Intel 471’s analysis of forums like Nulled and Raidforums shows the user began posting in 2019, with early activity indicating limited technical expertise. In 2020, Hastalamuerte joined a Telegram-based training program, @pntst, to learn penetration testing tools, according to Google-translated records of their posts.

The user’s early posts reveal struggles with basic cybersecurity tasks, such as configuring exploit kits and navigating command-line interfaces. This contrasts with their later role in managing a high-profile RaaS operation, highlighting the potential for skill development within cybercrime ecosystems.

PRODAFT, a threat research group, released a detailed analysis of The Gentlemen in June 2026, corroborating the connection between Hastalamuerte and the group’s operations. The report found the administrator provides affiliates with initial access via stolen Fortinet SSL-VPN credentials, obtained through brute-force attacks or the group’s leak database. PRODAFT also noted the use of AI to develop and maintain the ransomware, as well as assist with post-exploitation activities.

Why Do Russian Cybercriminals Often Avoid Anonymity?
The apparent lack of operational security among Russian cybercriminals, including Hastalamuerte, reflects broader geopolitical and cultural dynamics. Russian law enforcement typically ignores cybercrime unless it targets domestic entities, allowing hackers to operate with relative impunity. This environment, combined with the country’s strong IT workforce, has created a fertile ground for organized cybercrime.

Experts suggest that many cybercriminals begin their careers with minimal security practices, often due to inexperience or the belief that they will not be targeted. Over time, some adopt more sophisticated tactics, while others remain vulnerable to investigation.

The case of The Gentlemen underscores the challenges of tracing cybercriminals in an increasingly automated and decentralized threat landscape. While the group’s administrator has left a digital trail, the anonymity of the internet and the lack of international cooperation in cybercrime investigations complicate efforts to hold individuals accountable.

What Comes Next for The Gentlemen?
Check Point Software and PRODAFT both note that The Gentlemen’s use of AI and its aggressive recruitment strategy could lead to further expansion. The group’s focus on Internet-facing devices, such as VPNs and firewalls, suggests a continued emphasis on high-impact targets.

However, increased scrutiny from cybersecurity firms and law enforcement may force the group to adopt more clandestine methods. The identification of Hastalamuerte as a key figure could also prompt targeted investigations, though the Russian government’s stance on cybercrime remains a significant barrier to international action.

The Gentlemen’s rise highlights the evolving nature of ransomware as a service, where financial incentives drive innovation and scale. As cybersecurity defenses improve, groups like The Gentlemen may increasingly rely on AI and automation to maintain their advantage. For victims, the group’s rapid growth underscores the need for robust network security and proactive threat detection.

The Broader Implications for Cybersecurity
The case of The Gentlemen also raises questions about the role of state actors in enabling or tolerating cybercrime. While Russia has not officially endorsed the group’s activities, its lax enforcement of cyber laws has allowed such operations to flourish. This dynamic creates a paradox for global cybersecurity efforts, where international cooperation is hindered by geopolitical tensions.

For organizations, the group’s tactics—such as exploiting weak VPN configurations and leveraging AI for malware development—emphasize the importance of regular security audits and employee training. As ransomware groups become more sophisticated, the cost of inaction grows, with potential consequences ranging from data loss to reputational damage.

The identification of Hastalamuerte as a central figure in The
