The Gentlemen ransomware is scaling fast—and rewriting the rules of cybercrime growth

A relatively new entrant in the ransomware ecosystem, The Gentlemen, is rapidly emerging as one of the most active and disruptive threat groups of 2026. Since its appearance in mid-2025, the ransomware-as-a-service (RaaS) operation has already claimed over 320 victims, with nearly 240 attacks recorded in 2026 alone—making it the second most active ransomware group by victim count this year.

What makes this rise particularly notable is not groundbreaking technical sophistication, but a combination of operational efficiency, aggressive scaling, and a business model designed to attract top-tier cybercriminal talent.

According to Check Point Research (CPR), which has been tracking the group since its inception, The Gentlemen’s growth trajectory rivals early-stage LockBit 3—long considered a benchmark in ransomware operations. CPR’s investigation uncovered even more concerning insights during a live incident response engagement, where researchers gained access to an attacker-controlled command-and-control server. The server revealed ...