Thegentlemen ransomware group has listed Madagascar Airlines on its leak site.
A visible countdown timer (176 hours) was displayed, implying the start of a data exposure window, a typical tactic used by extortion groups to pressure victims into negotiation.
While no data samples have yet been published, the language used by the group suggests data exfiltration prior to encryption, a hallmark of double-extortion ransomware operations.
Disclaimer: This report is based on open-source intelligence (OSINT) and dark web monitoring. CyHawk Africa has not independently verified the authenticity of the claimed data. The report is intended solely for cybersecurity awareness and situational intelligence purposes.