Black & White Path

Apr 11, 2026 · Information Security

Inside the Exposed TheGentlemen Ransomware Toolkit on Proton66

In March 2026 Hunt.io researchers uncovered an open directory on the Russian bullet‑proof host Proton66 that contains the full TheGentlemen ransomware toolkit, complete with Mimikatz credential logs, ngrok tokens, and 21 MITRE ATT&CK techniques, providing a detailed view of the attackers' reconnaissance, privilege‑escalation, defense‑evasion, credential‑access, persistence, and encryption‑preparation stages.