On May 6, 2026, the ransomware group known as The Gentlemen publicly claimed responsibility for a cyberattack against Nostrum Corporation (nostrum.co.jp), a prominent Japanese technology firm. The threat actors have issued an ultimatum: enter negotiations or face the public release of sensitive corporate data. The incident was reported on May 7, 2026, and represents another escalation in The Gentlemen's targeting of high-profile Asian enterprises.
What Happened
The Gentlemen ransomware group added Nostrum Corporation to its data leak site on May 6, 2026, accompanied by a coercive statement: "The full leak will be published soon, unless a company representative contacts us via the channels provided." The post follows the standard double-extortion playbook, in which attackers exfiltrate sensitive information prior to (or in lieu of) encryption, then leverage the threat of disclosure to compel ransom payment. As of publication, Nostrum Corporation has not issued a public statement confirming the scope of the intrusion or whether negotiations have been initiated.
What Was Taken
The Gentlemen have not yet published samples or a full inventory of the exfiltrated material, instead reserving disclosure as leverage in their negotiation window. Based on the group's prior operations, stolen data sets typically include internal corporate documents, employee personally identifiable information (PII), customer records, financial files, intellectual property, and credential stores. Given Nostrum Corporation's footprint in the Japanese technology sector, any release could expose proprietary product information, partner agreements, and supply chain documentation with downstream impact on third parties.
Why It Matters
Japan continues to be a priority target for financially motivated ransomware crews seeking high-value victims with strong incentives to pay quickly. The Gentlemen's targeting of Nostrum signals continued attention to the Japanese technology vertical, where intellectual property and partner data carry significant black-market and competitive value. For defenders across the region, this incident reinforces the need to harden against double-extortion tactics, where backups alone are insufficient to neutralize the leverage attackers hold once data has been stolen.
The Attack Technique
The Gentlemen have not disclosed initial access vectors for the Nostrum intrusion, and no technical indicators of compromise have been released publicly at this stage. The group's known tradecraft typically includes exploitation of internet-facing services, abuse of stolen or weak credentials harvested from infostealer logs, phishing for initial access, and lateral movement using legitimate administrative tooling. Persistence is commonly maintained through scheduled tasks, modified services, and remote management software prior to staged exfiltration over encrypted channels.
What Organizations Should Do
- Launch a compromise assessment to identify any active footholds, exfiltration channels, or persistence mechanisms within the environment, particularly across remote access infrastructure and identity providers.
- Validate offline, immutable backups and confirm that restoration procedures have been tested end to end, ensuring recovery is viable without negotiating with the threat actor.
- Hunt for credentials linked to corporate domains in infostealer log dumps and dark web marketplaces, and force resets on any account flagged as exposed.
- Enforce phishing-resistant multi-factor authentication across VPN, email, and administrative accounts, and disable legacy authentication protocols that bypass MFA.
- Integrate ransomware leak site monitoring and threat intelligence feeds into the SIEM or XDR stack to surface mentions of corporate domains, executives, and supply chain partners in near real time.
- Engage qualified incident response counsel and digital forensics teams before initiating any communication with The Gentlemen or affiliated ransom brokers.
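For the credential-hunting step above, the domain match is where triage usually goes wrong: substring matching flags lookalike hosts and misses corporate identities reused on third-party sites. The sketch below is an added example, not from the source article; it assumes tab-separated url/login/password records and the placeholder domain example.co.jp, and the sample records are constructed.

```python
from urllib.parse import urlsplit

CORPORATE_DOMAINS = {"example.co.jp"}  # assumption: placeholder corporate domain

def in_scope(host, domains=CORPORATE_DOMAINS):
    """True only if host is a corporate domain or a true subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def exposed_accounts(lines, domains=CORPORATE_DOMAINS):
    """Map each exposed login to the reasons it needs a forced reset."""
    hits = {}
    for line in lines:
        parts = line.rstrip("\n").split("\t")
        if len(parts) != 3:
            continue  # malformed record
        url, login, _password = parts  # the password is never stored or printed
        login = login.strip().lower()
        try:
            host = urlsplit(url if "://" in url else "//" + url).hostname or ""
        except ValueError:
            host = ""
        reasons = set()
        if in_scope(host, domains):
            # Credential was saved for a corporate service (VPN, SSO, mail).
            reasons.add("corporate_service:" + host)
        if "@" in login and in_scope(login.rsplit("@", 1)[1], domains):
            # Corporate e-mail used as a login, possibly on a third-party site.
            reasons.add("corporate_identity")
        if reasons:
            hits.setdefault(login, set()).update(reasons)
    return {login: sorted(r) for login, r in sorted(hits.items())}

# Constructed sample records (url<TAB>login<TAB>password).
SAMPLE = [
    "https://vpn.example.co.jp/login\ttanaka\tP@ss1",
    "https://mail.google.com/\tsato@example.co.jp\thunter2",
    "https://example.co.jp.evil.test/sso\tbob@evil.test\tx",  # lookalike host
    "https://notexample.co.jp/\tamy\tpw",                     # different domain
    "garbage line",
    "VPN.EXAMPLE.CO.JP:443\tTanaka\tzzz",                     # no scheme, mixed case
]

if __name__ == "__main__":
    for login, reasons in exposed_accounts(SAMPLE).items():
        print(login, reasons)
```

Logins flagged only as `corporate_identity` still warrant a reset, since the same password may have been reused on corporate systems.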
Sources: The Gentlemen Target Japan's Nostrum Corporation in Ransomware Attack - DeXpose