Close Menu
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice

Subscribe to Updates

Get the latest creative news from FooBar about art, design and business.

What's Hot

Cybersecurity’s Economics Are Broken. Automation Alone Won’t Fix It

July 17, 2026

The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat

July 17, 2026

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

July 17, 2026
Facebook X (Twitter) Instagram
Friday, July 17
Facebook X (Twitter) Instagram Pinterest Vimeo
Cyberwire Daily
  • Home
  • News
  • Cyber Security
  • Internet of Things
  • Tips and Advice
Cyberwire Daily
Home»News»The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat
News

The Gentlemen Overtakes Qilin as Most Prolific Ransomware Threat

Team-CWDBy Team-CWDJuly 17, 2026No Comments3 Mins Read
Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
Share
Facebook Twitter LinkedIn Pinterest Email


There has been a shift in the ransomware ecosystem as a new group has emerged as the most prolific threat actor behind cyber extortion campaigns in recent months.

According to analysis of ransomware events between March and May 2026, The Gentlemen ransomware gang was responsible for the most attacks during the three-month period, accounting for 300 incidents.

The Gentlemen usurped the Qilin ransomware affiliate operation, which was the most prolific group during each quarter during the previous year. The number of Qilin incidents between May and March is reported at 289, dropping the group to the second most prolific.

The analysis of ransomware trends during the period by cybersecurity researchers at ReliaQuest was published on July 16.

In total, 1368 claims of victims by 11 ransomware groups were tracked via posts about them on data leak sites. The victims were spread across 99 countries.

There was a significant gap between ransomware incidents by The Gentlemen and Qilin compared with other notable ransomware operators, with DragonForce, Akira and LockBit accounting for between 150 and 100 observed incidents each during the period.

Read More: Why Ransomware Remains One of Cybersecurity’s Most Persistent and Costly Threats

Those three ransomware crews have been responsible for some of the most significant incidents in recent years, but, like Qilin, they appear to have been surpassed by a relative newcomer to the scene.

“The Gentlemen became the most-active group, powered by aggressive affiliate recruitment and a well-packaged intrusion kit that lowers the bar for new operators,” wrote Tristano Di Liberto, security analyst at ReliaQuest.

“The pressure The Gentlemen applies is likely to persist into Q3,” he added.

Analysis of The Gentlemen by ReliaQuest has suggested that the pre-packaged, easy-to-use tools that affiliates of the ransomware-as-a-service operation are provided with has played a significant role in the rise of the group.

Such tools include a playbook which affiliates can consult as a resource which gives them a guide to the attack chain and the workflow, advice on what edge devices to target for exploitation, how to use lightweight tunneling tools for command servers, and how to deploy Single-host Server Message Block (SMB) encryption.

Leaked chat logs have suggested that The Gentlemen, like some other cybercriminal operations, harness the power of AI tools to speed up development and new versions of their offering – and doing it faster than rival ransomware groups which have not attempted to exploit AI.

According to ReliaQuest, this could lead to affiliates abandoning their current provider in favor of The Gentlemen.

“It runs proven affiliate throughput, ships tools faster than most rivals through its AI-accelerated build pipeline and offers a pre-packaged intrusion kit that shortens ramp-up,” said Di Liberto.

To help protect against ransomware attacks, ReliaQuest recommended the following actions to cybersecurity leaders to strengthen networks and users against common intrusion methods:

  • Restrict RDP and remote access
  • Enforce Microsoft’s vulnerable-driver block list
  • Monitor blockchain RPC and session messenger egress
  • Harden identity against vishing and Adversary-in-the-Middle (AiTM) attacks



Source

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
Previous ArticleiCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days
Next Article Cybersecurity’s Economics Are Broken. Automation Alone Won’t Fix It
Team-CWD
  • Website

Related Posts

News

iCagenda and Balbooa Forms Joomla Flaws Reportedly Exploited as Zero-Days

July 17, 2026
News

CISA Mandates Urgent Patch for Actively Exploited Fortinet Flaws

July 17, 2026
News

Progress Tells ShareFile Customers to Shut Down Storage Zone Controllers Over Security Threat

July 17, 2026
Add A Comment
Leave A Reply Cancel Reply

Latest News

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views

Why SOC Burnout Can Be Avoided: Practical Steps

November 14, 20259 Views

Cyber M&A Roundup: Cyber Giants Strengthen AI Security Offerings

December 1, 20258 Views
Stay In Touch
  • Facebook
  • YouTube
  • TikTok
  • WhatsApp
  • Twitter
  • Instagram
Most Popular

North Korean Hackers Turn JSON Services into Covert Malware Delivery Channels

November 24, 202523 Views

macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Securi

September 7, 202517 Views

North Korean Hackers Target Crypto Firms with ClickFix and Zoom Lures

April 29, 202610 Views
Our Picks

Here’s how to avoid a ‘second strike’

April 11, 2026

How to help older family members avoid scams

October 31, 2025

Is Poshmark safe? How to buy and sell without getting scammed

February 19, 2026

Subscribe to Updates

Get the latest news from cyberwiredaily.com

Facebook X (Twitter) Instagram Pinterest
  • Home
  • Contact
  • Privacy Policy
  • Terms of Use
  • California Consumer Privacy Act (CCPA)
© 2026 All rights reserved.

Type above and press Enter to search. Press Esc to cancel.