Netcrook

Thegentlemen Strike Again: Brazil’s Largest Market Research Firm and Hospital Hit in Ransomware Double Blow

Published: 24 December 2025 11:32
Category: Ransomware & Extortion
Geo: South America
Author: SECPULSE

Two major Brazilian organizations, including a leading hospital and the nation's top market research company, fall victim to Thegentlemen ransomware group’s latest attacks.

In a chilling turn for Brazilian industry and public health, the notorious ransomware collective known as Thegentlemen has claimed responsibility for attacks on two high-profile organizations: HSR Specialist Researchers, Brazil’s largest independent market research firm, and Santa Casa de Assis, a historic hospital serving São Paulo’s Assis region. The incidents, unveiled by Ransomware.live on December 24, 2025, highlight the growing threat posed by cybercriminals targeting critical data and infrastructure across sectors.

Critical Institutions in the Crosshairs

Thegentlemen’s latest cyber-offensive demonstrates a disturbing trend: ransomware groups are no longer just targeting deep-pocketed Western corporations but are expanding their reach into Brazil’s vital business and healthcare infrastructures. HSR Specialist Researchers, renowned for its expansive market analytics serving sectors from automotive to finance and technology, relies on vast troves of proprietary and client data. A breach of this magnitude threatens not only its business operations but also the competitive edge and privacy of its clients across Brazil’s economic landscape.

Santa Casa de Assis, a cornerstone of community healthcare since 1919, is responsible for emergency care, maternity, intensive care, and more. Health sector ransomware attacks can paralyze vital services, endanger patient safety, and expose confidential medical information. While details on the scale of data compromised remain under wraps, the mere targeting of such an institution is a stark warning of the risks facing healthcare providers worldwide.

Technical Shadows and Unanswered Questions

While Thegentlemen’s motivations are financial, their methods are shrouded in secrecy. The group is known for leveraging sophisticated malware to encrypt critical systems and threaten data leaks unless hefty ransoms are paid. The attack timelines suggest careful planning: HSR’s breach dates back to February 2025, while Santa Casa’s attack appears to have occurred in December. The delayed public disclosure, common in ransomware cases, may reflect ongoing negotiations or internal investigations.

Both organizations’ DNS records were identified, but the full extent of operational disruption and data loss is yet to be revealed. As ransomware groups continue to publicize their victims to exert pressure, the need for robust cybersecurity and transparent crisis management is more urgent than ever.

Looking Ahead

Thegentlemen’s dual attack underscores the vulnerability of even the most prominent and established Brazilian institutions. As law enforcement and cybersecurity professionals race to contain the fallout, these incidents serve as a sobering reminder: in today’s digital age, no sector is immune, and the stakes, whether patient lives or corporate secrets, could not be higher.

WIKICROOK

  • Ransomware: Ransomware is malicious software that encrypts or locks data, demanding payment from victims to restore access to their files or systems.
  • Data Exfiltration: Data exfiltration is the unauthorized transfer of sensitive data from a victim’s system to an attacker’s control, often for malicious purposes.
  • DNS Records: DNS records are digital instructions that direct internet traffic to the right servers, ensuring websites and services are accessible and secure.
  • Encryption: Encryption transforms readable data into coded text to prevent unauthorized access, protecting sensitive information from cyber threats and prying eyes.
  • Leak Site: A leak site is a website where cybercriminals post or threaten to post stolen data to pressure victims into paying a ransom.