According to the latest ransomware figures for 2026, cybercrime remains a major concern worldwide. In 2026, 4,089 organizations have been named as ransomware victims around the globe.
The report says there are now 99 active ransomware groups, which points to a fragmented and competitive cybercrime ecosystem. These groups use methods such as double extortion, data theft, and attacks on critical infrastructure and businesses.
Ransomware incidents have hit organizations in 121 countries, showing how widespread these threats are. This broad impact highlights the need for timely updates, solid backup plans, staff awareness, and active threat monitoring.

Top 10 Groups:
Qilin is the biggest name in ransomware right now. It has almost 600 victims, which shows how strong its network is. Behind Qilin, TheGentlemen and Akira are also very active, with about 385 and 280 victims respectively, showing that they can carry out large attacks across different areas. At the same time, well-known ransomware groups like LockBit5, Clop, and Play remain active despite law-enforcement pressure and disruptions. Their continued presence shows how ransomware groups often change names, adapt, and rebuild their infrastructure, posing a constant threat to organizations around the world.

Top 20 Countries
The victim numbers show a heavy concentration of cases in the United States, which has about 1,730 victims. This is much higher than all other countries together. It shows that ransomware attackers focus on the US because it has many valuable targets in business, healthcare, education, and government. Germany and the UK are next, with around 190 and 180 victims respectively, showing that major companies in Western Europe are still main targets for this type of crime. Beyond these Western countries, there is steady activity in key countries in Asia-Pacific and Latin America, such as India, Australia, Japan, Brazil, and Mexico, where victim counts usually range from about 50 to 70 each. Overall, these trends point to a worldwide ransomware ecosystem that looks for weak and exposed organizations everywhere rather than in just a few countries.

Top 10 Sectors

| Rank | Industry Target Sector | Approximate Volume Share |
|---|---|---|
| #1 | Business Services | ~19.5% |
| #2 | Manufacturing | ~17.0% |
| #3 | Technology | ~16.0% |
| #4 | Healthcare | ~10.5% |
| #5 | Consumer Services | ~9.0% |
| #6 | Construction | ~7.5% |
| #7 | Financial Services | ~7.0% |
| #8 | Transportation / Logistics | ~5.5% |
| #9 | Agriculture and Food Production | ~4.5% |
| #10 | Public Sector | ~3.5% |

The breakdown shows that ransomware mostly affects Business Services, Manufacturing, and Technology. These sectors are the main targets for attackers. Disruptions here can quickly affect supply chains, business functions, and important services, putting pressure on victims to pay ransoms. Healthcare is also a major target because medical services are vital and system failures can have serious effects. At the same time, attacks are spread more evenly across other sectors such as Consumer Services, Construction, and Financial Services. According to ransomware.live, this suggests that ransomware groups are running wider campaigns to exploit weak systems instead of focusing on only a few industries.

New Ransomware Groups in 2026

| Added | Name | Victims in 2026 | Victims Overall | Last Victim |
|---|---|---|---|---|
| 2026-01-05 | Sicarii | 1 | 1 | 2026-01-05 |
| 2026-01-06 | Vect | 25 | 25 | 2026-04-15 |
| 2026-02-07 | Insomnia | 34 | 34 | 2026-04-28 |
| 2026-02-11 | Reynolds | 1 | 1 | 2026-02-11 |
| 2026-02-11 | Bravox | 17 | 17 | 2026-05-31 |
| 2026-02-17 | Payload | 50 | 50 | 2026-05-21 |
| 2026-02-23 | Cipherforce | 6 | 6 | 2026-02-23 |
| 2026-02-23 | Kittykatkrew | 2 | 2 | 2026-02-25 |
| 2026-02-25 | Shadowbyt3$ | 1 | 1 | 2026-02-25 |
| 2026-03-03 | Ailock | 38 | 38 | 2026-06-04 |
| 2026-03-17 | Exitium | 4 | 4 | 2026-04-14 |
| 2026-03-21 | Alp-001 | 17 | 17 | 2026-04-08 |
| 2026-04-03 | Netrunner | 6 | 6 | 2026-04-03 |
| 2026-04-03 | Krybit | 41 | 41 | 2026-06-03 |
| 2026-04-08 | Auditteam | 13 | 13 | 2026-06-04 |
| 2026-04-09 | Timc | 3 | 3 | 2026-04-09 |
| 2026-04-13 | Lamashtu | 32 | 32 | 2026-05-29 |
| 2026-04-14 | Secpo | 5 | 5 | 2026-04-29 |
| 2026-04-29 | Aurora | 10 | 10 | 2026-05-12 |
| 2026-04-29 | M3rx | 20 | 20 | 2026-05-27 |
| 2026-04-30 | Mnt6 | 3 | 3 | 2026-05-02 |
| 2026-05-01 | Fulcrumsec | 23 | 23 | 2026-05-10 |
| 2026-05-02 | Cmdorganization | 18 | 18 | 2026-06-03 |
| 2026-05-02 | Blackwater | 6 | 6 | 2026-05-02 |
| 2026-05-04 | Prinzeugen | 2 | 2 | 2026-05-16 |
| 2026-05-05 | Icarus | 1 | 1 | 2026-05-05 |
| 2026-05-10 | Leakbazaar | 9 | 9 | 2026-05-10 |
| 2026-05-14 | Shadowbyt3$ | 9 | 9 | 2026-06-03 |
| 2026-05-18 | Titan | 9 | 9 | 2026-05-30 |
| 2026-05-28 | 0day syndicate | 5 | 5 | 2026-05-29 |
| 2026-06-02 | Black x | 4 | 4 | 2026-06-02 |

Recommendations:
The 2026 ransomware landscape shows that organizations of all sizes can be targets. With more than 4,000 victims and 99 active groups, companies need to prioritize strong cybersecurity measures.
Key priorities are fixing vulnerabilities quickly, taking regular offline backups, and using multi-factor authentication (MFA) for important systems. Companies should also improve employee awareness of phishing attacks, set up continuous threat monitoring, and use endpoint detection and response (EDR) tools.
Regular security assessments, incident planning, and recovery testing are important to reduce disruption and financial loss. In today’s threat landscape, preparedness, resilience, and early detection are the best ways to fight ransomware.
