Thus Spoke…The Gentlemen

Check Point Research analyzed a May 2026 partial leak of The Gentlemen RaaS 'Rocket' backend and internal chats, revealing a tightly coordinated ransomware ecosystem: an admin (zeta88/hastalamuerte) and ~9 core operators with at least 8 affiliate TOX IDs, ~320+ public victims in 2026, shared offensive tooling and EDR-evasion kits, active tracking of CVEs (e.g., CVE-2024-55591, CVE-2025-32433, CVE-2025-33073), evidence of reusing stolen data across attacks, negotiation/playbook details, IoCs (file hashes, YARA), and payment/laundering methods—constituting an active, high-impact criminal ransomware campaign.