Cyber security researchers have reported a significant increase in global ransomware activity, with a relatively new threat group known as the Gentlemen rapidly emerging as one of the world’s most active cyber crime operations. According to the latest findings from Check Point Software, the group was responsible for 17% of all publicly reported ransomware attacks during June, making it the most active ransomware operator for the month.
The latest figures suggest that ransomware attacks are increasing again after a quieter period, with businesses, government agencies, educational institutions, and critical industries all experiencing higher levels of malicious activity.
Global Cyber Attacks Return to an Upward Trend
Researchers observed that cyber attacks increased by more than 10% during June, ending the slower activity recorded in the previous month. Rather than concentrating on one specific industry or region, attackers expanded their operations across multiple sectors and countries simultaneously.
Security analysts believe this broader pattern indicates that cyber criminals are becoming more organised, allowing ransomware operations to scale their campaigns while targeting a wider range of potential victims.
The Gentlemen Becomes the Most Active Ransomware Group
One of the biggest developments during June was the rapid rise of the Gentlemen, a ransomware-as-a-service (RaaS) operation that overtook previously dominant groups to become the most active ransomware threat tracked during the month.
Cyber security experts say the group’s rapid growth demonstrates how quickly new criminal operations can establish themselves within the ransomware ecosystem. Instead of building every capability from scratch, many modern ransomware groups rely on shared infrastructure, specialised affiliates, and existing underground networks to accelerate attacks.
Researchers have also noted that The Gentlemen displays a level of technical sophistication usually associated with more experienced threat actors.
Education, Government and Telecom Remain High-Risk Targets
The report highlights education as the most heavily targeted sector worldwide, with schools, colleges, and universities continuing to experience a high volume of cyber attacks.
Government organisations and telecommunications providers also remained among the most frequently targeted industries, reflecting the value attackers place on organisations responsible for essential public services and critical communications infrastructure.
Experts warn that sectors handling large amounts of sensitive information continue to attract ransomware operators looking for financial gain and operational disruption.
Regional Attack Levels Continue to Rise
Several regions recorded noticeable increases in cyber activity during June. Latin America experienced one of the largest jumps in weekly attacks, while Europe and North America also reported significant year-over-year growth.
Researchers believe this demonstrates that ransomware campaigns are no longer focused on a limited number of countries. Instead, attackers are increasingly searching for vulnerable organisations regardless of their location.
AI Adoption Introduces New Security Challenges
The report also highlights growing concerns around the use of generative AI within organisations. Researchers found that many businesses continue to submit confidential information to AI-powered tools, creating additional risks for sensitive corporate data.
Industries such as healthcare, telecommunications, business services, and IT recorded higher levels of AI-related exposure, emphasising the importance of implementing clear policies for the safe use of generative AI platforms in the workplace.
Cyber security professionals recommend educating employees about responsible AI usage while limiting the sharing of confidential business information with external AI services.
Organisations Urged to Strengthen Cyber Defences
As ransomware activity continues to evolve, security specialists recommend that organisations regularly update software, strengthen access controls, maintain offline backups, and continuously monitor their networks for suspicious behaviour.
Building a strong incident response plan and improving employee cyber awareness remain two of the most effective ways to reduce the impact of modern ransomware attacks.
Why Businesses Should Pay Attention
The rapid emergence of the Gentlemen illustrates how quickly the cyber threat landscape can change. Even as established ransomware groups decline, new operators continue to appear with increasingly advanced capabilities.
For businesses, government organisations, and critical infrastructure providers, maintaining strong cyber security practices is becoming more important than ever as ransomware groups expand both their technical capabilities and global reach.
Frequently Asked Questions
Who is the Gentlemen ransomware group?
The Gentlemen is a ransomware-as-a-service operation that became the most active ransomware group during June, accounting for around 17% of reported attacks.
Which industries are most at risk?
Education, government, telecommunications, healthcare, and other organisations handling sensitive information remain frequent ransomware targets.
How can organisations reduce ransomware risks?
Businesses should keep systems updated, strengthen access controls, maintain secure backups, monitor networks, and train employees to recognise cyber threats.
