The Ransomware Race: A New Threat Emerges

According to a recent investigation by Krebs on Security, a ransomware group called The Gentlemen has quickly climbed to become the second most active such gang by victim count. This group pays its affiliates a bigger cut of the ransom than usual, which has attracted experienced hackers from other criminal operations.

For Australian small and mid-sized businesses, this trend matters because ransomware attacks are becoming more frequent, more aggressive, and harder to defend against. When a group like The Gentlemen can recruit top talent by offering higher payouts, every business becomes a potential target.

Why a 90/10 Split Matters for Cybersecurity

The traditional ransomware business model gives affiliates 80 percent of the ransom. The Gentlemen offers 90 percent. That extra 10 percent is a powerful lure. It means skilled attackers who used to work for other gangs now bring their expertise to this new group.

These affiliates are not amateurs. They know how to break into networks through exposed VPNs and firewalls, then lock down entire systems in hours. For Australian businesses that rely on remote access and cloud tools, this speed is dangerous. A single misconfigured device can become an open door.

What This Means for Australian SMBs

Australian SMBs often lack the dedicated security teams that larger corporations have. This makes them attractive targets for ransomware groups that operate like efficient businesses. The Gentlemen’s focus on internet-facing devices means any business that uses remote access or cloud services needs to pay attention.

Local businesses also face unique risks. Many Australian SMBs rely on managed service providers or simple IT setups. A ransomware attack can stop operations for days or weeks, costing revenue and customer trust. The rise of aggressive recruitment in the cybercrime world means no business is too small to be overlooked.

What You Can Do Now

  • Update and secure all internet-facing devices, especially VPNs and firewalls, with the latest patches and strong passwords.
  • Enable multi-factor authentication on every remote access point, including email and cloud services.
  • Back up critical data daily to an offline or separate location that cannot be encrypted by ransomware.
  • Train staff to recognize phishing emails and suspicious links — human error is still the most common entry point.
  • Review your incident response plan so your team knows exactly what to do if a ransomware attack locks your systems.

At MS&VG, we help Australian small and mid-sized businesses build practical defences against evolving cyber threats like ransomware. From simple security audits to managed protection, our team works with you to keep your data safe and your operations running.