{"id":13643,"date":"2026-06-16T10:03:40","date_gmt":"2026-06-16T10:03:40","guid":{"rendered":"https:\/\/serisec.com\/index.php\/2026\/06\/16\/ransomware-ecosystem-consolidates-around-lockbit-alumni-qilin-hyflock-and-the-gentlemen\/"},"modified":"2026-06-16T10:03:40","modified_gmt":"2026-06-16T10:03:40","slug":"ransomware-ecosystem-consolidates-around-lockbit-alumni-qilin-hyflock-and-the-gentlemen","status":"publish","type":"post","link":"https:\/\/serisec.com\/index.php\/2026\/06\/16\/ransomware-ecosystem-consolidates-around-lockbit-alumni-qilin-hyflock-and-the-gentlemen\/","title":{"rendered":"Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen"},"content":{"rendered":"<p>    Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n    <!-- no image --><br \/>\n \t<BR><br \/>\n<BR><\/BR><\/p>\n<div>\n<p class=\"wp-block-paragraph\">The global ransomware landscape shifted noticeably in the first quarter of 2026, as former operators from well-known criminal groups began launching their own competing programs. <\/p>\n<p class=\"wp-block-paragraph\">Data leak sites tracked 2,122 new victims during Q1 2026, making it the second-highest first-quarter total on record. Despite years of sustained law enforcement action, the ransomware business is clearly not slowing down.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Two new ransomware-as-a-service programs, Hyflock and The Gentlemen, emerged as the most talked-about entries of the quarter. Both appeared in quick succession in May 2026, with operators publicly recruiting affiliates on known dark web forums. <\/p>\n<p class=\"wp-block-paragraph\">What made their arrivals notable was the lineage being claimed: direct connections to LockBit and Qilin, two of the most active ransomware groups in recent history.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"><a href=\"https:\/\/flare.io\/learn\/resources\/blog\/ransomware-as-a-service-lockbit-alumni-launch-competing-programs-as-ecosystem-co\" id=\"https:\/\/flare.io\/learn\/resources\/blog\/ransomware-as-a-service-lockbit-alumni-launch-competing-programs-as-ecosystem-co\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Flare\u00a0said in a report<\/a> shared with Cyber Security News (CSN) that operators claiming former LockBit and Qilin experience are now launching independent programs, carrying institutional knowledge of encryption infrastructure, ransom negotiation, and affiliate management into brand-new criminal ventures. <\/p>\n<p class=\"wp-block-paragraph\">Flare noted that although these lineage claims are self-reported and cannot be independently verified, the operational detail in the recruitment posts suggests experience that is very hard to fake.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The backdrop is Operation Cronos, <a href=\"https:\/\/cybersecuritynews.com\/lockbits-admin-panel-leak\/\" id=\"111070\" target=\"_blank\" rel=\"noreferrer noopener\">the law enforcement action that seized LockBit\u2019s infrastructure<\/a> in February 2024. That takedown scattered a large pool of skilled affiliates who were essentially independent contractors with nowhere to go. <\/p>\n<p class=\"wp-block-paragraph\">Two years on, those contractors appear to have regrouped and are now building their own operations instead of waiting for the old ones to recover.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The Q1 2026 data also reveals a market rapidly consolidating around a smaller number of dominant players. <\/p>\n<p class=\"wp-block-paragraph\">The top 10 groups accounted for 71% of all recorded victims in the quarter, a sharp contrast to the fragmented activity observed just two quarters earlier. Qilin led with 338 victims, while LockBit 5.0 returned to fourth place with 163.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-ransomware-ecosystem\" class=\"wp-block-heading\"><strong>Ransomware Ecosystem<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">The Gentlemen RaaS grew from 40 victims in Q4 2025 to 166 in Q1 2026, a 315% jump that placed it third globally in a single quarter. <\/p>\n<p class=\"wp-block-paragraph\">Its founder, operating under the handle hastalamuerte, <a href=\"https:\/\/cybersecuritynews.com\/the-gentlemen-ransomware-attacks-windows\/\" id=\"150396\" target=\"_blank\" rel=\"noreferrer noopener\">originally left Qilin after a payment dispute and built The Gentlemen<\/a> into one of the fastest-growing programs in the space. <\/p>\n<p class=\"wp-block-paragraph\">The group secured an official BreachForums partnership in May 2026, gaining access to a large community of access brokers and pentesters.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The program\u2019s main pitch is a 90% affiliate share, ten points above what LockBit historically offered. Its locker runs without administrator rights, supports Windows, Linux, NAS, BSD, and ESXi environments, and includes a silent mode built to defeat common file-rename detection. <\/p>\n<p class=\"wp-block-paragraph\">Each build auto-generates a ransom note with the affiliate\u2019s contact details, putting full negotiation control in their hands.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">Hyflock took a different approach, centering its pitch on fully integrated tooling. The program\u2019s panel bundles initial-access purchasing, automated negotiation rooms, AI-based victim data analysis, and a red team available to assist affiliates during intrusions. <\/p>\n<p class=\"wp-block-paragraph\">The actor hyflock123 claimed the encryptor runs at roughly twice the speed of LockBit 3.0, though no independent benchmark currently exists to verify that claim.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<h2 id=\"h-defender-recommendations-and-the-road-ahead\" class=\"wp-block-heading\"><strong>Defender Recommendations and the Road Ahead<\/strong><\/h2>\n<p class=\"wp-block-paragraph\">Security analysts warn that faster encryption, lower skill barriers, and AI-driven financial analysis of stolen data all point to one clear priority: defenders need to catch intrusions earlier in the attack chain. <\/p>\n<p class=\"wp-block-paragraph\">Both programs advertise GPO-based spreading, so Group Policy modification logs deserve close attention in any enterprise environment. <a href=\"https:\/\/cybersecuritynews.com\/ransomware-cloud-environment\/\" id=\"7718\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud backup credentials should also be isolated<\/a> from domain admin paths since Hyflock specifically targets active cloud backups.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\">The Gentlemen\u2019s silent mode does not change file names or modification dates, so monitoring should focus on rapid partial-write patterns from non-elevated processes rather than extension changes alone. <\/p>\n<p class=\"wp-block-paragraph\">Both programs also target ESXi, Linux, and NAS hosts that frequently run without endpoint detection coverage. <\/p>\n<p class=\"wp-block-paragraph\">Verizon\u2019s 2025 DBIR found that 54% of ransomware victims had domain credentials surface in stealer marketplaces before the attack, making credential monitoring an essential first step.<a href=\"https:\/\/ppl-ai-file-upload.s3.amazonaws.com\/web\/direct-files\/attachments\/11146061\/3044afc4-99df-4610-8568-93c4398f6870\/Ransomware-Ecosystem-Consolidates-Around-LockBit-Alumni-Qilin-Hyflock-and-The-Gentlemen.pdf?AWSAccessKeyId=ASIA2F3EMEYE6EZ6GC45&amp;Signature=PvI76ZaeyxJnIOLHdXaJWH68VlY%3D&amp;x-amz-security-token=IQoJb3JpZ2luX2VjEKL%2F%2F%2F%2F%2F%2F%2F%2F%2F%2FwEaCXVzLWVhc3QtMSJHMEUCIQDnTePoyQkW4w3GKv3NlP98WIi2qQNo3mpdiOYdOoKoOwIgR4QqtpXLFPFi28yxbPtrpoo5xkmg8CROSNPZz78C3wkq8wQIaxABGgw2OTk3NTMzMDk3MDUiDJ7SkrPbMZ9RPlPrkyrQBFkR3jFJbNi2BYCuDxwwa03IxnZu%2B71RmCtQQhrgPCBVhDFvtmF%2FZENx6dZz8Bb3xncOiUfr%2B0hBc5DPZjSyC8z2Cye3dCQK83QuguHADcJk93zEQoetsKaCbKOpmBUal9rjebfIDF8kL%2BZvp%2FTHLAr9LvBDMkihnzNx9NJVrp9iyskLOd%2BV4QPSijYdeTPqPpISQaPE%2BxUSJ1Ord0DUJnUmIfxyF5RUzpfhpBwj%2BxOa72htdoT%2BwHPhEYTeU3jWYUb7igOyoNwjAqOBruournsuPKURwCX7aebglrYdJ%2FqjQA5i9Rb0PozejxGg9bvGw0%2B76BoePoqVVZqJD%2BgJ83gVWVMg0mmrv8DQWZq8CGMEUYxnCqHoTXC02QlrydY2uGju%2FwuN67DLqrB1Y7G3fMPDWllAeZSqZTkYRLkrNLBjb27oWt0LMf2uORjgfCTf16IMkRkyfFcpeDsxyLfHHPyj1zPFltrrVLLVwwxtAKEscvytv17%2FpZJmuo7ngeo0eqBIywNTUnWZGV0rl72ifBVKadLlawbJ37aRdJ43PIiOlPTmHbgRgrM2788RTcVnqJjGe857dxtPASEa%2BgGjrAKnUBHvDxKj8qyqcBAPWAAQTHyF0Kqfq6bvvyxJLhH5bkq5qxxBgr7AFfzWlMimaCX1FGjWYSSPg8FTuScA1DfH4mjokI8%2FJUH7KGYa8r4v2QQ7fz6YFN8c7y%2B4STZfC4AUmM71GKeCHvMJsr2StavZoYPAsPgD6ngzH44VbljNUvLv6LPiTkBwjtk3AbmLkV8w0drC0QY6mAECEjI2x9XJ3FkKpUtzi4M4UjzKnkYlnYOCuSccj8d0hxXSOOiJoHdHyxF8cCNWv6HWzl9NWSEg306SlPMKE1%2BMT%2BFI8oVeIDHLigtaRZiGtXnv%2FtNfriPm6hd4LXP0QsvcfOeTp1%2FQNrzt31TEE0bS5ueRplI6yd90ucv9k0%2B3UBD%2FQnnX0A2kxbuC6Dr6ot%2FH%2BUHVBWSdZQ%3D%3D&amp;Expires=1781578532\" target=\"_blank\" rel=\"noreferrer noopener\"><\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Indicators of Compromise (IoCs):-<\/strong><\/p>\n<figure class=\"wp-block-table\">\n<table class=\"has-fixed-layout\">\n<thead>\n<tr>\n<th class=\"has-text-align-left\" data-align=\"left\">Type<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Indicator<\/th>\n<th class=\"has-text-align-left\" data-align=\"left\">Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>QTox Handle<\/td>\n<td>37BC1EC8D8EEE7ECEA44A953855DAC628DF0920CE41EE4164006BDC95ADEBA5738C870A23686<\/td>\n<td>Hyflock RaaS operator recruitment contact on QTox, posted on Duty-Free forum<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/figure>\n<p class=\"wp-block-paragraph\"><strong>Note:<\/strong>\u00a0<em>IP addresses and domains are intentionally defanged (e.g.,\u00a0<\/em><code><em>[.]<\/em><\/code><em>) to prevent accidental resolution or hyperlinking. Re-fang only within controlled threat intelligence platforms such as MISP, VirusTotal, or your SIEM<\/em>.<\/p>\n<p class=\"has-text-align-center has-background wp-block-paragraph\" style=\"background:linear-gradient(180deg,rgb(238,238,238) 90%,rgb(169,184,195) 100%)\"><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong><strong>Follow us on\u00a0<a href=\"https:\/\/news.google.com\/publications\/CAAqMggKIixDQklTR3dnTWFoY0tGV041WW1WeWMyVmpkWEpwZEhsdVpYZHpMbU52YlNnQVAB?hl=en-IN&amp;gl=IN&amp;ceid=IN:en\" target=\"_blank\" rel=\"noreferrer noopener\">Google News<\/a>,\u00a0<a href=\"https:\/\/www.linkedin.com\/company\/cybersecurity-news\/\" target=\"_blank\" rel=\"noreferrer noopener\">LinkedIn<\/a>,\u00a0and\u00a0<a href=\"https:\/\/x.com\/cyber_press_org\" target=\"_blank\" rel=\"noreferrer noopener\">X<\/a>\u00a0to Get More Instant Updates<\/strong>,\u00a0<strong>Set CSN as a Preferred Source in<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong> <strong><strong><a href=\"https:\/\/www.google.com\/preferences\/source?q=cybersecuritynews.com\" target=\"_blank\" rel=\"noreferrer noopener\">Google<\/a><\/strong><\/strong>.<\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/strong><\/p>\n<p>The post <a href=\"https:\/\/cybersecuritynews.com\/ransomware-ecosystem-consolidates\/\">Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen<\/a> appeared first on <a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>\n<\/div>\n<p> \t<BR><br \/>\n <BR><\/BR><br \/>\n    Tushar Subhra Dutta<br \/>\n \t<BR><br \/>\n<BR><\/BR><br \/>\n<a href=\"https:\/\/cybersecuritynews.com\/ransomware-ecosystem-consolidates\/\">Go to cyber-security-news<\/a><br \/>\n \t<BR><br \/>\n <BR><\/BR><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ransomware Ecosystem Consolidates Around LockBit Alumni, Qilin, Hyflock, and The Gentlemen The global ransomware landscape shifted noticeably in the first quarter of 2026, as former operators from well-known criminal groups began launching their own competing programs. Data leak sites tracked 2,122 new victims during Q1 2026, making it the second-highest first-quarter total on record. Despite [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[129,63,649],"tags":[130],"class_list":["post-13643","post","type-post","status-publish","format-standard","hentry","category-cyber-security","category-cyber-security-news","category-threats","tag-cyber-security-news"],"_links":{"self":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13643"}],"collection":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/comments?post=13643"}],"version-history":[{"count":0,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/posts\/13643\/revisions"}],"wp:attachment":[{"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/media?parent=13643"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/categories?post=13643"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/serisec.com\/index.php\/wp-json\/wp\/v2\/tags?post=13643"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}