Red Hot Cyber


The Gentlemen Ransomware: An Emerging Dark Web Threat Analysis

Pietro Melillo : 9 September 2025 22:04

In Q3 2025, a new ransomware group, identified as The Gentlemen, was observed launching its own Data Leak Site (DLS) on the Tor network.

The group’s infrastructure and operational methods indicate a medium-high level of organization, with a particular focus on image management and operational security. The Gentlemen’s DLS is accessible via a .onion address and has the following features:

  • Minimalist homepage with logo, motto and consistent branding.
  • Public TOX ID for encrypted P2P communications, likely used for negotiations.
  • Redundant QR code to facilitate access to contacts.
  • Section dedicated to victims, organized into tabs with descriptions and references to exfiltrated data.

The absence of superfluous features and the choice of decentralized protocols reduce the attack surface against their infrastructure.

Victimology

The victims observed belong to sectors with high strategic value:

  • Manufacturing/Automotive (EU)
  • Technology services/IT consulting (Asia)
  • Energy and Telecommunications (global)

The approach suggests a strategy aimed at entities with low tolerance for disruption and strong reputational exposure.

Distinguishing Factors

  • Strong branding: Consistent visual style and naming, aimed at differentiating the group from chaotic groups.
  • Strengthened OpSec: Use of TOX instead of centralized portals.
  • Modular DLS: Scalable structure, ready to accommodate a growing number of victims.

Final thoughts

The debut of The Gentlemen confirms that the ransomware landscape is constantly evolving. The attention to detail, the construction of a clean and functional DLS, and the selection of targets in the most profitable industrial sectors suggest that this group is not an improvised initiative, but the result of an organization with consolidated resources and expertise.

For companies, the lesson is clear: strengthening network defenses and incident response processes is now essential, especially in those sectors that represent a primary target for next-generation malicious actors.

Pietro Melillo
Head of the Dark Lab group. A computer engineer specialised in cyber security with a deep passion for hacking and technology, he is currently CISO of WURTH Italia. He was responsible for Cyber Threat Intelligence & Dark Web analysis services at IBM, and carries out research and teaching activities on Cyber Threat Intelligence topics at the University of Sannio as a Ph.D. He is an author of scientific papers and a developer of tools to support cybersecurity activities. He leads the CTI team "RHC DarkLab".
