Escalating Ransomware Attacks: A 30% Surge in 2026
Ransomware has become a pressing concern in today’s digital landscape, with attacks increasing by 30% since late last year. According to fresh insights from Cyble, this upward trend shows no signs of slowing down in 2026, particularly impacting software and manufacturing supply chains.
Rising Attack Numbers
Research highlights that ransomware groups executed a staggering 2,018 attacks in the last quarter of 2025, averaging nearly 673 incidents per month to close out a record year. January 2026 continued this momentum, with 679 claims of victimized organizations. For context, the monthly average for victim incidents during the first nine months of 2025 stood at about 512, indicating a substantial rise in activity since then.
A visual representation of ransomware incidents from 2021 onward, demonstrated by Cyble’s chart, illustrates a consistent upward trajectory since mid-2025.
Dominant Ransomware Groups
In the competitive landscape of cybercrime, the Qilin group has secured its position as the most prominent ransomware organization, claiming 115 victims in January alone. Following closely is the CL0P group, which accounted for 93 incidents amid a new campaign that has triggered multiple attacks across diverse sectors, including banking, healthcare, and IT.
Akira maintains its spot within the top ranks, with 76 assaults logged, while newcomers Sinobi and The Gentlemen have also made notable entries into the scene. Cyble noted the cluster pattern of attacks by CL0P, which often exploits vulnerabilities in software, such as the Oracle E-Business Suite flaws, contributing to a surge in supply chain attacks.
Geographic Landscape of Attacks
The United States remains at the forefront of ransomware incidents, with the UK and Australia also experiencing an uptick in attacks, largely attributed to activities from the CL0P group. This pattern not only reveals the global nature of the threat but also underscores the vulnerability of various sectors to these cyberattacks.
Targeted Industries
Particularly concerning are the sectors that continue to be targeted by ransomware actors. The construction, manufacturing, and professional services fields have emerged as vulnerable targets. Additionally, the IT industry is marked as a frequent victim, likely due to its complex environment that can serve as a gateway to downstream customer networks.
A breakdown by industry showcases that these sectors must prioritize cybersecurity measures to protect against the evolving threat landscape.
Impact on Supply Chains
Recent months have showcased significant ransomware incidents bearing serious implications for the supply chain. Cyble reported ten notable attacks in January alone, revealing dire consequences for several high-profile companies.
One pivotal incident involved the Everest group breaching a major US telecommunications manufacturer. The attackers claimed to have accessed sensitive engineering documents, including electrical schematics and service subsystem documentation.
Another instance involved the Sinobi group’s infiltration of an IT services firm in India, where they purportedly accessed internal infrastructures such as Microsoft Hyper-V servers and multiple virtual machines. Similarly, the Rhysida group targeted a US life sciences company, compromising sensitive engineering blueprints and critical project documentation.
Further complicating the landscape, a RansomHouse attack on a China-based electronics manufacturer threatened to expose proprietary engineering information essential to various technology and automotive brands. In another notable case, INC Ransom targeted a Hong Kong component manufacturer, potentially leaking client-related information linked to major global enterprises.
Emergence of New Threats
Cyble also observed the rise of new ransomware organizations such as Green Blood, DataKeeper, and MonoLock, with the latter two promoting features aimed at attracting affiliates to their illicit enterprises. This rising trend highlights the ongoing evolution of ransomware tactics and the continuous threat posed by these malicious groups.
In summary, the landscape of ransomware attacks has drastically shifted, and the stakes remain high for businesses worldwide. Organizations must implement robust cyber defenses to combat the increasing sophistication and frequency of these cybercriminal activities.
