Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Operation Gentlemen®

Operation Gentlemen® Vendor Cyber Rating & Cyber Score

operationgentlemen.com

501c3 nonprofit organization founded on the mission to "Bring Back the Gentlemen to Our Communities."​ True gentlemen support/give back their communities. Whether it's those experiencing homelessness, our veterans that fought for our freedom or mothers in crisis, Operation Gentlemen empowers our donors to take action to support their fellow citizens in need.


Operation Gentlemen® A.I CyberSecurity Scoring

Operation Gentlemen®
Company Information
Website:http://operationgentlemen.com
Employees number:2
Number of followers:57
NAICS:8132
Industry Type:Philanthropic Fundraising Services
Homepage:operationgentlemen.com
Operation Gentlemen® Risk Score (AI oriented)
Between 650 and 699
logo
Operation Gentlemen®Philanthropic Fundraising Services
Updated:
11/06/2026
661/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Operation Gentlemen® Global Score (TPRM)
xxxx
logo
Operation Gentlemen®Philanthropic Fundraising Services
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Operation Gentlemen®
Operation Gentlemen®Weak
Current Score
661B (WEAK)
01000
1 incidents
-105 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
662Before Incident
JUNE 2026
661Before Incident
MAY 2026
660Before Incident
APRIL 2026
761Before Incident
Ransomware
01 Apr 2026Operation Gentlemen®
The Gentlemen, Medusa and Cisco: The Gentlemen Ransomware Claims 478 Victims, Can Spread Like a Worm

The Gentlemen Ransomware Operation: A Rising Threat with AI and RaaS Roots

656After Incident
CRITICAL-105
MEDCISOPE1781209579
The Gentlemen Ransomware Operation: A Rising Threat with AI and RaaS Roots A new analysis by PRODAFT has uncovered the evolution of The Gentlemen, a financially motivated ransomware group that began as an affiliate for established ransomware-as-a-service (RaaS) operations like LockBit, Qilin, and Medusa before launching its own independent program in July 2025. Tracked as Phantom Mantis, the group is led by a Russian-speaking cybercriminal known as LARVA-368 a 36-year-old identified as Alexander Andreevich Yapaev from Izhevsk, Russia, with aliases including hastalamuerte, ArmCorp, and santamuerte. Since its inception, The Gentlemen has claimed 478 victims, with a surge in activity making it one of the most prolific ransomware actors, responsible for 10% of global ransomware incidents in April 2026. The group’s transition to independence followed a payment dispute with Qilin, where LARVA-368 accused the RaaS operator of an exit scam, allegedly defrauding affiliates of $48,000. PRODAFT noted that Phantom Mantis may have spread disinformation to recruit Qilin affiliates by discrediting the group. The Gentlemen operates with a sophisticated infrastructure, leveraging AI for ransomware development, tool maintenance, and post-exploitation procedures. Its affiliate program offers a 90/10 profit split, attracting partners with aggressive incentives. Affiliates must provide at least 1GB of stolen victim data to access the panel, a tactic designed to block researchers and law enforcement. The group supports multiple ransomware variants, including Windows, Linux, ESXi, and LVM-targeting strains, and uses open-source messaging platforms like Tox and SimpleX Chat for communication. Initial access is typically gained through vulnerable edge devices particularly Cisco and Fortinet FortiGate systems followed by Active Directory exploitation using tools like NetExec, RelayKing, and PrivHound. The ransomware employs a hybrid encryption scheme (X25519 key exchange with XChaCha20) and can self-propagate as a worm when executed with the `--spread` argument. Microsoft, tracking the group as Storm-2697, noted that the Go-based malware is obfuscated with Garble and can wipe recoverable artifacts when run with the `--wipe` flag. The Gentlemen’s attacks exhibit a high degree of adaptability, with dwell times ranging from two to six weeks. The group targets VMware infrastructure and employs multi-channel extortion, combining ransomware with email and phone-based pressure tactics. A recent leak of the group’s internal Rocket.Chat database spanning November 2025 to April 2026 revealed a structured criminal enterprise with clear role divisions, exploiting vulnerabilities like CVE-2024-55591, CVE-2025-32433, and CVE-2025-33073. In March 2026, an exposed toolkit on a Russian bulletproof host further exposed the group’s full intrusion lifecycle, from reconnaissance to encryption. Victim distribution is global, with only 13% in the U.S., while the majority are concentrated in Thailand, the U.K., Brazil, Germany, and India. The group’s rapid development cycle was demonstrated in April 2026 when it released a same-day patch after a decryptor was made public. With roots dating back to at least 2020 including prior affiliations with the Embargo ransomware group LARVA-368’s expertise has positioned The Gentlemen as a formidable and evolving threat in the cybercrime landscape.
INCIDENT DETAILS -
TYPE
Ransomware
MOTIVATION
Financial gain
IMPACT
Data Compromised: 1GB+ of stolen victim data (minimum requirement for affiliates)WindowsLinuxESXiLVMOperational Impact: Multi-channel extortion (ransomware, email, phone-based pressure tactics)
DATA BREACH
Type Of Data Compromised: Stolen victim data (including sensitive corporate information)Sensitivity Of Data: High (used for extortion)
MARCH 2026
761Before Incident
FEBRUARY 2026
761Before Incident
JANUARY 2026
761Before Incident
DECEMBER 2025
761Before Incident
NOVEMBER 2025
761Before Incident
OCTOBER 2025
761Before Incident
SEPTEMBER 2025
761Before Incident
AUGUST 2025
761Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Operation Gentlemen® ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in June 2026 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in May 2026 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in April 2026 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in March 2026 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in February 2026 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in January 2026 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in December 2025 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in November 2025 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in October 2025 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in September 2025 ?
?
What was Operation Gentlemen®'s A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Operation Gentlemen®'s A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Operation Gentlemen® ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Operation Gentlemen®'s profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?
Operation Gentlemen® Cyber Scoring History | Rankiteo