Ransomware Group "The Gentleman" Targets NATO Contractor Indra Group in Double-Extortion Attack
A newly emerged ransomware group, The Gentleman, has claimed responsibility for a cyberattack on Indra Group, a leading European technology and defense contractor with ties to NATO. The attackers allege they have stolen sensitive data from the company and are threatening to publish it on the dark web unless their ransom demands are met by July 9, 2026 nine days after the initial deadline set on June 30.
The group, which follows the double-extortion model, claims to have exfiltrated confidential files before encrypting Indra Group’s systems. This tactic, increasingly used by ransomware gangs, pressures victims by threatening both data leaks and operational disruptions. While the exact nature and volume of the stolen data remain unverified, the group has posted details of the breach on its leak site, warning of public disclosure if the ransom goes unpaid.
Indra Group, headquartered in Spain, has acknowledged the incident in an unofficial statement, confirming that its incident response and cybersecurity teams are investigating the claims. The company is assessing the scope of the breach and its potential impact while reinforcing security measures to prevent future attacks. No official confirmation of data theft or encryption has been provided as the investigation continues.
Cybersecurity experts note that defense contractors, government suppliers, and critical infrastructure providers are prime targets due to the high-value intelligence and operational data they hold. Such attacks can lead to operational disruptions, financial losses, reputational harm, and national security risks. The incident underscores the growing threat posed by ransomware groups employing data theft as leverage in extortion schemes.
Further updates are expected as the investigation progresses and the authenticity of the attackers’ claims is verified.
Indra Group TPRM report: https://www.rankiteo.com/company/indragroupukireland
"id": "ind1782973665",
"linkid": "indragroupukireland",
"type": "Ransomware",
"date": "7/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"
{'affected_entities': [{'industry': 'Technology and Defense',
'location': 'Spain',
'name': 'Indra Group',
'type': 'Defense Contractor'}],
'data_breach': {'data_encryption': 'Yes',
'data_exfiltration': 'Yes',
'sensitivity_of_data': 'High (potentially sensitive '
'defense-related data)',
'type_of_data_compromised': 'Confidential files'},
'description': 'A newly emerged ransomware group, The Gentleman, has claimed '
'responsibility for a cyberattack on Indra Group, a leading '
'European technology and defense contractor with ties to NATO. '
'The attackers allege they have stolen sensitive data and are '
'threatening to publish it on the dark web unless their ransom '
'demands are met. The group follows the double-extortion '
'model, exfiltrating confidential files before encrypting '
'Indra Group’s systems.',
'impact': {'brand_reputation_impact': 'Potential reputational harm',
'data_compromised': 'Confidential files allegedly stolen',
'operational_impact': 'Potential operational disruptions'},
'investigation_status': 'Ongoing',
'motivation': 'Extortion (Double-Extortion Model)',
'ransomware': {'data_encryption': 'Yes', 'data_exfiltration': 'Yes'},
'references': [{'source': 'Ransomware group leak site'}],
'response': {'communication_strategy': 'Unofficial statement acknowledging '
'the incident',
'enhanced_monitoring': 'Reinforcing security measures',
'incident_response_plan_activated': 'Yes'},
'threat_actor': 'The Gentleman',
'title': "Ransomware Group 'The Gentleman' Targets NATO Contractor Indra "
'Group in Double-Extortion Attack',
'type': 'Ransomware'}