InfoSecBulletin Cybersecurity for mankind
According to the latest ransomware numbers from 2026, cybercrime is still a big worry worldwide. In 2026, 4,089 groups have been named as victims of ransomware around the globe.
The report says there are 99 active ransomware groups now, showing a divided and competitive world of cybercrime. These groups use methods like double extortion, stealing data, and attacking important infrastructure and businesses.
Hackers Target Cloudflare-Hosted AWS Domains to Steal Console Logins
Daily Cyber security update for 26. 06. 2026
WhatsApp to Alert Users Before Chatting With New Numbers
OpenAI unveils its first custom chip, Named Jalapeño
Bajaj Auto System Hit by a Ransomware Attack
Cisco Unified CM flaw CVE-2026-20230 exploited in attacks
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
Ransomware events have hit groups in 121 countries, showing how widespread these threats are. This large impact highlights the need for quick updates, solid backup plans, staff awareness, and active threat watching.
Top 10 Groups:
Qilin is the biggest name in ransomware right now. It has almost 600 victims, showing how strong its network is. Behind Qilin, TheGentlemen and Akira are also very active, with about 385 and 280 victims each. This shows they can pull off big attacks in different areas. At the same time, well-known ransomware groups like LockBit5, Clop, and Play are still active, even with police pressure and disruptions. Their ongoing presence shows how ransomware groups often change names, adapt, and rebuild their systems, keeping a constant threat to organizations around the world.
Top 20 Countries
The victim numbers show a lot of cases in the United States, which has about 1,730 victims. This is much higher than all other countries together. This shows that ransomware attackers focus on the US because it has many valuable targets in business, healthcare, education, and government. Germany and the UK are next, with around 190 and 180 victims, showing that major companies in Western Europe are still main targets for this type of crime. Besides these main Western countries, there is steady activity in important places in Asia-Pacific and Latin America, like India, Australia, Japan, Brazil, and Mexico, where victims usually range from about 50 to 70 each. Overall, these trends indicate a worldwide ransomware system that looks for weak and exposed organizations everywhere instead of just a few countries.
| Rank | Industry Target Sector | Approximate Volume Share |
| #1 | Business Services | ~19.5% |
| #2 | Manufacturing | ~17.0% |
| #3 | Technology | ~16.0% |
| #4 | Healthcare | ~10.5% |
| #5 | Consumer Services | ~9.0% |
| #6 | Construction | ~7.5% |
| #7 | Financial Services | ~7.0% |
| #8 | Transportation / Logistics | ~5.5% |
| #9 | Agriculture and Food Production | ~4.5% |
| #10 | Public Sector | ~3.5% |
Top 10 Sectors
The breakdown shows that ransomware mostly affects Business Services, Manufacturing, and Technology. These areas are the main targets for attackers. Disruptions here can quickly impact supply chains, business functions, and important services, putting pressure on victims to pay ransoms. Healthcare is also a big target because medical services are vital, and system failures can have serious effects. At the same time, attacks are spread more evenly across other areas like Consumer Services, Construction, and Financial Services. This suggests that ransomware groups are using wider campaigns to exploit weak systems instead of only focusing on a few industries according to ransomware.live.
New Ransomware Groups in 2026
| Added | Name | Victims in 2026 | Victims Overall | Last Victim |
|---|---|---|---|---|
| 2026-01-05 | Sicarii | 1 | 1 | 2026-01-05 |
| 2026-01-06 | Vect | 25 | 25 | 2026-04-15 |
| 2026-02-07 | Insomnia | 34 | 34 | 2026-04-28 |
| 2026-02-11 | Reynolds | 1 | 1 | 2026-02-11 |
| 2026-02-11 | Bravox | 17 | 17 | 2026-05-31 |
| 2026-02-17 | Payload | 50 | 50 | 2026-05-21 |
| 2026-02-23 | Cipherforce | 6 | 6 | 2026-02-23 |
| 2026-02-23 | Kittykatkrew | 2 | 2 | 2026-02-25 |
| 2026-02-25 | Shadowbyt3$ | 1 | 1 | 2026-02-25 |
| 2026-03-03 | Ailock | 38 | 38 | 2026-06-04 |
| 2026-03-17 | Exitium | 4 | 4 | 2026-04-14 |
| 2026-03-21 | Alp-001 | 17 | 17 | 2026-04-08 |
| 2026-04-03 | Netrunner | 6 | 6 | 2026-04-03 |
| 2026-04-03 | Krybit | 41 | 41 | 2026-06-03 |
| 2026-04-08 | Auditteam | 13 | 13 | 2026-06-04 |
| 2026-04-09 | Timc | 3 | 3 | 2026-04-09 |
| 2026-04-13 | Lamashtu | 32 | 32 | 2026-05-29 |
| 2026-04-14 | Secpo | 5 | 5 | 2026-04-29 |
| 2026-04-29 | Aurora | 10 | 10 | 2026-05-12 |
| 2026-04-29 | M3rx | 20 | 20 | 2026-05-27 |
| 2026-04-30 | Mnt6 | 3 | 3 | 2026-05-02 |
| 2026-05-01 | Fulcrumsec | 23 | 23 | 2026-05-10 |
| 2026-05-02 | Cmdorganization | 18 | 18 | 2026-06-03 |
| 2026-05-02 | Blackwater | 6 | 6 | 2026-05-02 |
| 2026-05-04 | Prinzeugen | 2 | 2 | 2026-05-16 |
| 2026-05-05 | Icarus | 1 | 1 | 2026-05-05 |
| 2026-05-10 | Leakbazaar | 9 | 9 | 2026-05-10 |
| 2026-05-14 | Shadowbyt3$ | 9 | 9 | 2026-06-03 |
| 2026-05-18 | Titan | 9 | 9 | 2026-05-30 |
| 2026-05-28 | 0day syndicate | 5 | 5 | 2026-05-29 |
| 2026-06-02 | Black x | 4 | 4 | 2026-06-02 |
Recommendations:
The 2026 ransomware scene shows that groups of all sizes can be targets. With more than 4,000 victims and 99 active groups, companies need to prioritize strong cybersecurity steps.
Key focuses are quickly fixing vulnerabilities, doing regular offline backups, and using multi-factor authentication (MFA) for important systems. Companies should also improve employee understanding of phishing attacks, set up ongoing threat monitoring, and use endpoint detection and response (EDR) tools.
Regular security checks, planning for incidents, and testing recovery are important to reduce disruption and money loss. In today’s threat world, being ready, strong, and spotting issues early are the best ways to fight ransomware.
