A cybercrime group often called The Gents has emerged because the second most energetic ransomware gang by sufferer rely, quickly attracting a proficient pool of hackers by way of an aggressive recruitment technique that guarantees associates 90 p.c of any ransom paid by victims. This put up examines clues pointing to an actual life id for the administrator of The Gents ransomware group.
A graphic created and shared by The Gents ransomware group administrator Hastalamuerte on Breachforums in Could 2026. Credit score: ke-la.com.
Specialists on the safety agency Test Level Software program have been carefully masking exploits of The Gents, a so-called “ransomware-as-a-service” (RaaS) providing that pays associates handsomely to assist unfold the group’s malware.
“A 90/10 affiliate income break up — in comparison with the business customary 80/20 — is accelerating the group’s progress by attracting skilled operators from competing packages,” the researchers wrote in April.
Test Level discovered The Gents are the second most energetic ransomware group by sufferer rely to this point this 12 months, claiming at the least 332 printed victims because the group’s inception in mid-2025 and greater than 240 in 2026 alone.
In line with Test Level, the group targets Web-facing gadgets (VPNs, firewalls) as their entry level, and as soon as inside strikes shortly to encrypt whole networks inside hours.
Test Level says the administrator and first operator of the ransomware group makes use of the nickname Zeta88 on the Russian-language cybercrime boards, and that this particular person was beforehand recognized below the moniker Hastalamuerte. Test Level famous that a breach of the group’s backend infrastructure made it clear that Hastalamuerte/Zeta88 is the one that assembles the locker and RaaS panel, manages funds, and is actually the administrator of your entire program who receives 10 p.c of all ransoms.
WHO IS HASTALAMUERTE?
The cyber intelligence agency Intel 471 reveals that the person Hastalamuerte is a Russian and English talking one that registered on virtually a dozen cybercrime boards between 2019 and the current day, together with Exploit, Breachforums, Ramp_V2, BHF, Raidforums, and Nulled.
Intel 471 reveals that Hastalamuerte registered on Breachforums in January 2025 from an Web deal with in Izhevsk, the capital metropolis of Russia’s Udmurt Republic. Likewise, the person Zeta88 signed up on the English-language cybercrime discussion board Breached in August 2022 from a unique Web deal with in Izhevsk.
Intel 471 finds Hastalamuerte registered on Raidforums in 2020 utilizing the e-mail deal with hastalamuerte1488@protonmail.com (1488 is a typical mixture of two numeric symbols related to white supremacy). A lookup on this deal with on the open supply intelligence service Epieos reveals it’s linked to an account at Apple and to a telephone quantity ending in 04.
Epieos says that Protonmail deal with can also be linked to a GitHub account below the username SantaMuerte. That account is marked personal, however a historical past of this person’s exercise reveals they’re watching and creating a variety of malware instruments and exploits.
In April 2020, Hastalamuerte stated on the crime discussion board Nulled that they could possibly be contacted on the Telegram prompt messenger identify @hastalamuerte18, and the risk intelligence firm Flashpoint finds this username is assigned the distinctive Telegram ID quantity 30907522 [full disclosure: Flashpoint is an advertiser on this blog].
The breach monitoring service Constella Intelligence experiences that Hastalamuerte’s Telegram ID is linked to a different username — “bu4vs” — and to the Russian telephone quantity 79127650004. Pivoting on this telephone quantity in Constella fetches a number of data from hacked Russian authorities databases displaying it’s assigned to 1 Alexander Andreevich Yapaev, a 36-year-old from Izhevsk.
Constella reveals that telephone quantity was used to create an account on the Russian social media platform Pikabu below the identify “4apai18,” and reveals Mr. Yapaev has signed up at a variety of web sites utilizing the widespread surname Ivanov, or else “Chapaev” (the numeral 4 is commonly used as shorthand for a “ch” sound in Russian).
A search in Intel 471 for cybercrime discussion board members with the nickname SantaMeurte finds an account by the identical identify created in 2020 on the Russian hacking discussion board Codeby. Intel 471 reveals this person initially registered on Codeby with the not-so-subtle nickname Alexandr 4apaev.
Constella finds Mr. Yapaev usually used the e-mail deal with bu4vs@mail.ru. In the meantime, Epieos reveals this deal with is linked to a LinkedIn account for Alexander Yapaev, who lists himself as the pinnacle of B2B advertising and marketing on the firm Uralenergo Udmurtia, one among Russia’s largest suppliers of electrotechnical and lighting merchandise.
Mr. Yapaev didn’t reply to a number of requests for remark.
Practically each time we publish one among these Breadcrumbs tales, readers are curious to know why it looks as if so many cybercriminals from Russia apparently do little to cover their actual life identities. The reality is that — Russian or not — most didn’t precisely got down to be arch criminals, however as an alternative obtained drawn into the scene step by step over a number of years as their abilities broadened and sharpened.
One other essential dynamic is that the Russian authorities usually both co-opts or ignores cybercriminal exercise inside its border as long as the hackers don’t steal from or assault Russian companies and residents. Because of this, profitable cybercriminals in Russia are often insulated from prosecution and arrest by overseas legislation enforcement businesses offered they sometimes repay the best folks and don’t journey overseas. And cybercriminals who intend to strictly adhere to these unwritten guidelines could (at the least initially) be much less involved about masking their tracks on-line.
However the easiest clarification is that cybercriminals of all nationalities are inclined to make a variety of fundamental operational safety errors early of their careers, when they’re much less savvy and have far much less to lose by their carelessness. A evaluate of Hastalamuerte’s early posts on the crime boards (circa 2019-2020) reveals a comparatively unsophisticated and low-skilled hacker nonetheless making an attempt to study the ropes and earn a constructive repute on these communities.
For instance, in June 2020 Hastalamuerte’s Telegram account joined a multi-month coaching program (@pntst) to discover ways to use standard penetration testing instruments, and their candid posts to this hacker coaching camp present Hastalamuerte struggling to make use of these instruments successfully. A Google-translated file of Hastalmuerte’s posts to @pntst is right here.
![How creators and entrepreneurs are utilizing AI to hurry up & succeed [data]](https://blog.aimactgrow.com/wp-content/uploads/2025/06/Untitled20design-Apr-07-2023-08-24-35-4586-PM-120x86.png)
