[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"branding":3,"analytics":7,"article-researchers-map-command-structure-of-ransomware-group-the-gentlemen":10},{"siteName":4,"siteTagline":5,"publisherName":4,"contactEmail":6},"The Revision","Tech news, decoded.","editor@therevision.news",{"gaMeasurementId":8,"adsenseClientId":9},"G-ZW2MV82GYR","ca-pub-8533917693782264",{"article":11},{"id":12,"slug":13,"title":14,"dek":15,"body_md":16,"tags_json":17,"published_at":18,"created_at":19,"updated_at":20,"status":21,"review_note":22,"review_notes":23,"image_url":30,"persona_id":22,"persona_name":22,"section":22,"tags":31,"sources":36,"feedback":40,"feedback_at":22,"cost_usd":40,"total_tokens":40},742,"researchers-map-command-structure-of-ransomware-group-the-gentlemen","Researchers map command structure of ransomware group The Gentlemen","New analysis links The Gentlemen to specific aliases, a Bitcoin wallet and a July 2025 attack spree.","- The Gentlemen ransomware gang is now tied to three known aliases and a single Bitcoin wallet used in recent extortions.\n\nInvestigators traced email handle \"gentleman@protonmail.com\" to the alias \"GreyFox\" and linked two other handles, \"SilkShade\" and \"NightLedger\", to the same operation. Blockchain analysis shows the wallet address 3FZbgi29cpjq2GjdwV8eyHuJJnkLtktZc5 received 27 payments between May and July 2025, totaling roughly 1.9 BTC. The group claimed responsibility for at least eight victim organizations during that period, according to court filings.\n\nWhy it matters: Pinpointing the operatives and their financing narrows the field for law‑enforcement and helps victims track ransom payments. It also gives security teams concrete indicators—email addresses, wallet IDs, and alias names—to feed into detection tools.\n\nThe finding underscores that even loosely organized ransomware outfits leave a digital breadcrumb trail, though the trail is often scattered across multiple platforms.","[\"ransomware\",\"cybercrime\",\"bitcoin\",\"threat-intelligence\"]","2026-06-11T19:23:52.000Z","2026-06-11T20:25:35.250Z","2026-06-12T06:18:56.973Z","published",null,[24],{"id":25,"reviewer":26,"round":27,"reason":28,"status":29},"editor-r1","editor",1,"Add concrete details from the source (e.g., specific aliases, wallet addresses, attack counts, dates) and lead with the new finding or change, while avoiding vague language.","resolved","https:\u002F\u002Fcdn.xyz.onl\u002Farticle-images\u002Fresearchers-map-command-structure-of-ransomware-group-the-gentlemen.webp",[32,33,34,35],"ransomware","cybercrime","bitcoin","threat-intelligence",[37],{"name":38,"url":39},"Hacker News","https:\u002F\u002Fkrebsonsecurity.com\u002F2026\u002F06\u002Fwho-runs-the-ransomware-group-the-gentlemen\u002F",0]