The Gentleman Ransomware targets prominent European NATO Contractor | #ransomware | #cybercrime


A ransomware group known as The Gentleman has claimed responsibility for a cyberattack against Indra Group, a leading European technology and defense company that serves as a contractor for NATO. The cybercriminals have allegedly stolen sensitive data from the organization and are now threatening to publish the information unless their ransom demands are met within the specified deadline.

According to information posted on the ransomware group’s leak site, Indra Group has become one of its latest high-profile victims. The attackers claim to have exfiltrated confidential data during the breach and have warned that the stolen files will be released on the dark web if the company refuses to negotiate or pay the demanded ransom. Such tactics have become increasingly common among modern ransomware gangs, which often combine data theft with file encryption to increase pressure on their victims.

The Gentleman ransomware group, which has recently emerged in the cybercrime landscape, appears to be following the double-extortion model adopted by several well-known ransomware operations. Under this approach, attackers not only encrypt an organization’s systems but also steal sensitive information beforehand. This allows them to threaten public disclosure of confidential data, even if the victim is able to recover its systems from backups.

In response to the claims, Spain-based Indra Group released an unofficial statement indicating that its incident response and cybersecurity teams are actively investigating the alleged attack. The company stated that it is currently assessing whether its systems were compromised and is working to determine the scope and potential impact of the incident. While the investigation remains ongoing, the organization emphasized that it is taking all necessary precautions to strengthen its security posture and prevent similar incidents in the future.

The ransomware group’s latest post states that Indra Group has approximately nine days from June 30, 2026, to meet its ransom demands. According to the threat actors, failure to comply within the deadline will result in the publication of the allegedly stolen data on the dark web, where it could be sold, shared, or made publicly accessible. However, as with many ransomware claims, the exact volume and sensitivity of the purportedly stolen information have not been independently verified.

Cybersecurity experts continue to warn that attacks targeting defense contractors, government suppliers, and critical infrastructure organizations are becoming increasingly frequent due to the valuable information they possess. Such incidents can have far-reaching consequences, including operational disruptions, financial losses, reputational damage, and potential national security concerns. As investigations continue, further updates are expected to clarify the authenticity of the attackers’ claims and the overall impact of the alleged breach on Indra Group’s operations.

Join our LinkedIn group Information Security Community!



Click Here For The Original Source.

——————————————————–

..........

.

.

National Cyber Security

FREE
VIEW