Who Runs the Ransomware Group 'The Gentlemen?'

A flashy crime crew may have a real-world face — and commenters are split between shock and side-eye

TLDR: Researchers say they may have traced the operator of the fast-growing ransomware gang The Gentlemen to a real person in Russia. Commenters turned it into a drama fest: some treated it like a huge villain unmasking, while others openly questioned whether the group is even legit.

The internet loves a villain reveal, and this one came with money, mystery, and a whole lot of side-eye. Security researchers say The Gentlemen — a fast-rising online extortion gang — has become one of the busiest groups of its kind by luring partners with a juicy 90% cut of ransom payouts. In plain English: they’re basically offering the best commission in a very bad business. Researchers now say the person running the show may be a man from Izhevsk, Russia, after tracing usernames, email addresses, Telegram accounts, and even a phone number.

But the real fireworks are in the reactions. One commenter summed up the alleged mastermind as someone running a “dark digital extortion empire,” which sounds like a Netflix pitch waiting to happen. Another person was far less convinced, bluntly asking if the group is even real or just “another group invented… to create some good stories.” That skepticism is the thread’s biggest tension: is this a major unmasking, or are people getting swept up in cybercrime fan-fiction?

Then came the crowd favorite: a delicious bit of karma. One commenter highlighted the idea that if top Russian hackers get publicly identified, they might face shakedowns, extortion, or even kidnapping over their crypto fortunes, ending with the meme-worthy line: “Oh, the turntables...” It’s dark, chaotic, and exactly the kind of comment-section drama people can’t stop reading. Even a random tip about a page that interviews cybercriminals added to the lurid, true-crime energy.

Key Points

  • Check Point Software says The Gentlemen is the second most active ransomware group by victim count, with at least 332 published victims since mid-2025 and more than 240 in 2026.
  • The group reportedly uses a 90/10 affiliate revenue split, higher than the industry-standard 80/20, to attract experienced ransomware operators.
  • According to Check Point, The Gentlemen targets internet-facing devices such as VPNs and firewalls and can encrypt entire networks within hours of access.
  • Check Point says the administrator of the group uses the aliases Zeta88 and Hastalamuerte and handles the locker, RaaS panel, and ransom payments.
  • Threat intelligence and OSINT services cited in the article link those aliases to registrations, accounts, and a Russian phone number associated with Alexander Andreevich Yapaev of Izhevsk.

Hottest takes

"Oh, the turntables..." — throwa356262
"dark digital extortion empire" — thisisauserid
"just another group invented... to create some good stories?" — alexb87