Ethical Hacking News
The Gentlemen ransomware group has been linked to at least 332 published victims since its inception in mid-2025, with Alexander Andreevich Yapaev identified as the administrator and primary operator behind the operation.
Alexander Andreevich Yapaev is the 36-year-old administrator and primary operator of The Gentlemen ransomware group. The group's "ransomware-as-a-service" (RaaS) offering has attracted numerous hackers due to its lucrative affiliate revenue split. The Gentlemen has claimed at least 332 published victims since its inception in mid-2025. Yapaev is responsible for assembling the locker and RaaS panel, managing payments, and receiving a significant portion of all ransoms. His ability to act in his real name has been crucial to The Gentlemen's success, but also makes him more vulnerable to detection by law enforcement agencies.
In a breakthrough investigation, cybersecurity experts have finally shed light on the enigmatic figure behind one of the most feared ransomware groups on the internet – The Gentlemen. According to recent findings by Check Point Software and cyber intelligence firm Intel 471, the administrator and primary operator of the group is none other than Alexander Andreevich Yapaev, a 36-year-old from Izhevsk, Russia.
Yapaev, also known as Hastalamuerte or Zeta88, has been at the helm of The Gentlemen since its inception in mid-2025. The group's "ransomware-as-a-service" (RaaS) offering has attracted numerous hackers, including experienced operators from competing programs, thanks to its lucrative 90/10 affiliate revenue split. This strategy has accelerated the group's growth and enabled it to claim at least 332 published victims since its inception.
Check Point Software's researchers have been closely monitoring The Gentlemen's exploits and noticed that Yapaev is the person responsible for assembling the locker and RaaS panel, managing payments, and receiving a significant portion of all ransoms. His role as the administrator has allowed him to maintain operational secrecy, which has contributed to the group's success.
Interestingly, Yapaev's digital footprint suggests that he was once an enthusiastic participant in cybercrime forums, registering on almost a dozen platforms between 2019 and the present day. Intel 471 reveals that he originally registered on Breachforums in January 2025 from an Internet address in Izhevsk, the capital city of Russia's Udmurt Republic. Yapaev also used various email addresses, including hastalamuerte1488@protonmail.com, which is linked to a GitHub account under the username SantaMuerte.
Experts believe that Yapaev's ability to act in his real name and maintain operational secrecy has been crucial to The Gentlemen's success. By not having to worry about hiding his identity, he can focus on building the group's malware tools and exploits. However, this also makes him more vulnerable to detection by law enforcement agencies.
The rise of Yapaev as a prominent figure in the cybercrime world is attributed to the Russian government's approach towards cybercriminal activity within its borders. According to experts, successful cybercriminals in Russia are usually insulated from prosecution and arrest provided they occasionally pay off the right people and do not travel abroad. This creates an environment where individuals like Yapaev can thrive without necessarily adhering to strict operational security protocols.
In conclusion, Alexander Andreevich Yapaev's identity as the mastermind behind The Gentlemen ransomware group has been confirmed by cybersecurity experts. His unique approach to maintaining operational secrecy and his ability to build a lucrative RaaS offering have contributed significantly to the group's success. As law enforcement agencies continue to monitor the cybercrime landscape, it will be interesting to see how Yapaev navigates this complex environment.
The Gentlemen ransomware group has been linked to at least 332 published victims since its inception in mid-2025, with Alexander Andreevich Yapaev identified as the administrator and primary operator behind the operation.
Related Information:
https://www.ethicalhackingnews.com/articles/Unmasking-the-Mastermind-Behind-The-Gentlemen-Ransomware-Group-ehn.shtml
https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/
Published: Wed Jun 10 21:27:16 2026 by llama3.2 3B Q4_K_M
