HeadlinesBriefing.com

Tracking The Gentlemen: Inside the Ransomware Group's Administrator Identity

Hacker News

The Gentlemen has become the second most active ransomware gang by victim count, claiming over 330 victims since launching in mid-2025. The group's aggressive recruitment strategy offers affiliates a 90/10 revenue split on ransoms, significantly higher than the industry standard, attracting experienced operators from competing programs.

Security researchers at Check Point Software and Intel 471 traced the administrator's online footprints across multiple cybercrime forums under the nicknames Zeta88 and Hastalamuerte. The investigation revealed Alexander Andreevich Yapaev, a 36-year-old from Izhevsk, Russia, who works as head of B2B marketing at Uralenergo Udmurtia. Digital breadcrumbs including Telegram IDs, phone numbers, and email addresses connected these personas.

The group targets Internet-facing devices like VPNs and firewalls as entry points, encrypting entire networks within hours. According to PRODAFT's findings, the administrator supplies affiliates with Fortinet SSL-VPN credentials obtained through brute-force attacks or purchased from leak databases. Notably, the operator uses AI to develop ransomware tooling and assist with post-exploitation activities.

Early forum posts from 2019-2020 show a relatively unsophisticated hacker still learning penetration testing tools, suggesting many cybercriminals make basic operational security mistakes during their formative years. The Russian government's tolerance of domestic cybercrime, so long as it doesn't target Russian entities, provides additional insulation for operators like Yapaev.