惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

H
Heimdal Security Blog
P
Privacy International News Feed
S
Schneier on Security
P
Proofpoint News Feed
L
Lohrmann on Cybersecurity
Spread Privacy
Spread Privacy
P
Privacy & Cybersecurity Law Blog
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Scott Helme
Scott Helme
K
Kaspersky official blog
大猫的无限游戏
大猫的无限游戏
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
aimingoo的专栏
aimingoo的专栏
Simon Willison's Weblog
Simon Willison's Weblog
S
Securelist
Help Net Security
Help Net Security
B
Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Security Archives - TechRepublic
Security Archives - TechRepublic
云风的 BLOG
云风的 BLOG
The GitHub Blog
The GitHub Blog
N
News and Events Feed by Topic
Hacker News: Ask HN
Hacker News: Ask HN
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
M
MIT News - Artificial intelligence
雷峰网
雷峰网
博客园 - 司徒正美
V
V2EX
AWS News Blog
AWS News Blog
Know Your Adversary
Know Your Adversary
N
News | PayPal Newsroom
T
Tor Project blog
Cisco Talos Blog
Cisco Talos Blog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
U
Unit 42
C
Cybersecurity and Infrastructure Security Agency CISA
P
Palo Alto Networks Blog
G
Google Developers Blog
T
Threat Research - Cisco Blogs
博客园 - Franky
I
InfoQ
D
DataBreaches.Net
爱范儿
爱范儿
Y
Y Combinator Blog
博客园 - 叶小钗
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报

Comparitech

How to watch McGregor vs Holloway 2 (UFC 329) from anywhere Medical billing firm MCBS warns 300,000+ patients of data breach - Comparitech Ransomware Roundup: H1 2026 stats on attacks, ransoms, and active gangs - Comparitech Colorado Health Network warns 68,000+ people of data breach that leaked SSNs, credit cards, and medical records - Comparitech Middletown, OH warns 123,000+ people of data breach that leaked SSNs, financial and medical info - Comparitech DeGoogling your life: What is it and how do you do it? How to opt out of Meta AI data collection - Comparitech Is CurseForge safe? Common risks and how to mod safely - Comparitech Cybercriminals say they hacked New South Wales Rural Fire Service - Comparitech Grandview School District warns 9,000+ people of data breach 21 months later - Comparitech Which industry & country has the worst email security? An analysis of 5,800+ domains for SPF, DMARC, DKIM & MTA-STS protocols - Comparitech Kootenai County, ID warns residents of government data breach that leaked personal info - Comparitech What is Kik? Is it safe for kids? - Comparitech Cybercriminals say they hacked Reynella East College - Comparitech Are UK council websites adhering to government security guidelines? - Comparitech Bellflower Unified Schools warns students of data breach that leaked SSNs - Comparitech What are location services and how do they work? - Comparitech How to bypass Xbox age verification - Comparitech What is a Minecraft dedicated IP? Do you need one? The best Discord alternatives in 2026 - Comparitech How to watch UFC Freedom 250: Stream UFC White House online Taos Mountain Casino warns of data breach that leaked SSNs Cybercriminals give Delano Public Schools two weeks to pay ransom How to fix ‘Your connection is not private’ in Chrome Plaza Home Mortgage warns 138,000 people of data breach that leaked SSNs How to watch the NBA Finals live online from anywhere Cybercriminals take credit for Singing River Health System data breach How Spammers Are Hiding Behind Google and the New York Times Ransomware roundup: May 2026 Iowa hospital warns 24,000+ people of data breach that leaked SSNs, medical and financial info 80K+ people notified of data breach at Louisiana university that leaked SSNs & bank info Finance firm IMA warns 525,000+ people of data breach Auto lender IAC warns 79,000+ people of data breach that leaked SSNs Sandstone, MN says SSNs and financial info compromised in ransomware data breach Las mejores herramientas de gestión de Active Directory Die besten Active-Directory-Management-Tools I Migliori Strumenti di Gestione di Active Directory Las mejores herramientas de gestión de logs Die besten Log-Management-Tools I migliori strumenti di log management Watching You, Funded by You: Number of CCTV Cameras by UK Council & Police Force Las mejores herramientas SIEM para alertas de seguridad automatizadas Die besten SIEM-Tools für automatisierte Sicherheitswarnungen I migliori strumenti SIEM per gli avvisi di sicurezza automatizzati Software maker warns 200,000 Frost Bank customers in Texas of data breach Oregon employment firm notifies 142,000+ people of two data breaches claimed by ransomware gangs Cybercriminals say they hacked Harrison County, WV commission, demand ransom Cybercriminals say they breached AdvancedHealth, Tennessee clinic confirms Fluke Corp notifies 18,000+ people of data breach that leaked SSNs What is Token-Based Authentication? Tokens Explained Western Orthopaedics warns 113,000+ people of data breach that leaked SSNs, credit cards, and medical info What is ARP? ARP protocol explained What is symmetric encryption? Crunchyroll VPN not working? Fix buffering, errors & region blocks American Lending Center notifies 123,000+ people of data breach that leaked SSNs How to watch Oleksandr Usyk vs Rico Verhoeven online Cybercriminals say they hacked CarePoint Health, stole data Ransomware gang claims attack and data theft from UK city school Horizon Media reports data breach of SSNs, cybercriminals take credit Claude VPNs (and how to use Claude safely) What is GhostPairing on WhatsApp? What is a prompt injection attack? Where do leaked passwords end up? A statistical analysis of the dark web’s credential pipeline Ransomware roundup: April 2026 Suffolk, VA warns 157,000+ people of data breach that leaked SSNs, finances How to watch UFC 328 (Chimaev vs Strickland) from anywhere Cybercriminals say they hacked Winona County, MN (again) Keeper vs 1Password: Which password manager is best in 2026? What is F-Droid? Is it safe? Proton VPN Secure Core: What is it, and should you use it? What is an agentic browser? Features and how to use them safely Sandhills Medical Foundation warns patients of data breach Cybercriminals say they hacked Massachusetts Development Finance Agency, its second breach in 2 years STELIA Aerospace confirms cyber attack on North American systems. $2.07 million ransom issued Debt collector Rodenburg Law Firm warns 81,307 people of data breach Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches How to block ads on Paramount Plus A complete guide to smart speaker privacy What is the Great Firewall of China Cybercriminals say they hacked Rusk County, WI What is a decentralized VPN? Do you need a dVPN? Southern Illinois Dermatology warns patients of data breach that leaked SSNs 92,000 people notified of data breach following cyber attack at Puerto Rican hospital Cybercriminals say they hacked Minidoka Memorial Hospital, demand ransom What is sensitive data? Types and how to protect yourself Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace What is a passphrase? Are they safer than passwords? Phoenix Art Museum warns of data breach that leaked SSNs Mozilla VPN vs NordVPN – VPN Comparison Guide Cookeville Regional Medical Center warns 338,000 people of data breach Antimalware vs Antivirus: What’s the difference? What is URL phishing? Examples and how to stay safe How to use a VPN in Bhutan (and the best options) Cybercriminals give Brockton, MA hospital one week to pay ransom after hack Is Truth Social safe? Everything you need to know What is cyberwarfare? Medical implant maker TriMed warns 80,000+ people of data breach Heart South Cardiovascular Group warns 46,000+ people of data breach Cybercriminals say they hacked Community College of Beaver County Critical Infrastructure at Risk: 179 ICS Devices Exposed Online
Ransomware roundup: Q1 2026
2026-04-08 · via Comparitech

Ransomware roundup_ Q1 2026

During the first three months of 2026, ransomware attacks remained high with Comparitech researchers tracking 2,200 attacks in total. This is a slight increase on Q4 of 2025 (up 1.66 percent).

When comparing Q4 of 2025 to Q1 of 2026, the education and healthcare sectors saw significant declines in ransomware, dropping by 23 percent and 14 percent, respectively. However, businesses operating in the healthcare sector (but not providing direct care, e.g. pharmaceutical and medical device manufacturers) saw the most significant increase with attacks rising by 35 percent.

Transportation (up 29%), finance (up 16%), retail (up 15%), technology (up 13%), and construction companies (up 12%) all saw an uptick in attacks.

Attacks on the manufacturing sector rose significantly throughout 2025 and plateaued in Q1 of 2026. While this does make for positive reading, the attack numbers in this sector remain high, accounting for 22 percent of all attacks on businesses (429 attacks in total).

Key findings for Q1 2026:

  • 2,200 attacks in total — 193 confirmed attacks
  • Of the 193 confirmed attacks:
    • 121 were on businesses
    • 35 were on government entities
    • 22 were on healthcare companies
    • 15 were on educational institutions
  • Of the 2,007 unconfirmed attacks*:
    • 1,805 were on businesses
    • 62 were on government entities
    • 98 were on healthcare companies
    • 38 were on educational institutions
  • The most prolific ransomware gangs were Qilin (353 attack claims), The Gentlemen (202), Akira (201), INC (131), Clop (122), and Play (119)
  • Qilin and The Gentlemen had the most confirmed attacks out of these claims with 23 and 20, respectively
  • Over 454 TB of data has been stolen across all these attacks
  • The US saw the most attacks (1,041), followed by Canada (105), the United Kingdom (82), Italy (67), Germany (65), and France (62)

*4 unconfirmed attacks couldn’t be attributed to a sector due to limited company information.

Ransomware attacks by sector

Government

From Q4 of 2025 to Q1 of 2026, attacks on government entities increased by just two percent, rising from 95 in the last quarter of 2025 to 97 in Q1 of 2026.

  • 97 attacks in total (confirmed and unconfirmed)
  • 35 confirmed attacks
  • 62 unconfirmed attacks
  • Average ransom of $480,000 million across all attacks – up from $381,000 in Q4 of 2025
  • Largest ransom of $3.1 million was demanded from the Land and Agricultural Development Bank of South Africa by unknown hackers. This wasn’t paid

Also of note are the number of government transportation companies targeted in Q1 of 2026. Five attacks were confirmed, including Verkehrsgesellschaft Main-Tauber (Germany), Nagoya Port Authority (Japan), Tulsa International Airport (US), Namibia Airports Company, and Puerto de Vigo (Spain).

Healthcare

Q1 of 2026 saw 120 attacks on the healthcare sector, which is a 14 percent decrease on Q4 of 2025 where 140 attacks were recorded.

  • 120 attacks in total (confirmed and unconfirmed)
  • 22 confirmed attacks
  • 98 unconfirmed attacks
  • Average ransom of $16.9 million across all attacks – up from $577,800 in Q4 of 2025
  • Largest ransom of $100 million was demanded by NetRunner from Nippon Medical School Musashi Kosugi Hospital, Japan. This wasn’t paid
  • Largest reported breach: Nippon Medical School Musashi Kosugi Hospital, Japan, with 131,700 people affected

Education

Throughout Q1 2026, the education sector saw 53 attacks in total, which is a 23 percent decrease on Q4 of 2025 (69).

  • 53 attacks in total (confirmed and unconfirmed)
  • 15 confirmed attacks
  • 38 unconfirmed attacks
  • Average ransom of $224,000 across all attacks – down from $458,200 in Q4 of 2025
  • Largest ransom of $457,000 from Rhysida on a California school district (unconfirmed)

Businesses

Attacks on businesses climbed from 1,847 in Q4 of 2025 to 1,926 in Q1 of 2026—a four percent increase.

  • 1,926 attacks in total (confirmed and unconfirmed)
  • 121 confirmed attacks
  • 1,805 unconfirmed attacks
  • Average ransom of $647,000 across all attacks – up from $487,000 in Q4 of 2025
  • Largest ransom of $13 million was demanded by the Silent ransomware group from legal firm Jones Day
  • Largest reported breach: Anabuki Housing Service Co., Ltd., Japan, with 496,000 people affected. Qilin claimed the attack after allegedly stealing 240 GB of data

As we’ve already noted, certain sub-industries saw far greater increases than others from Q4 of 2025 to Q1 2026.

Companies operating within the healthcare sector, such as medical billing providers, healthcare device manufacturers, and pharmaceutical companies that don’t offer direct care to patients, saw the greatest increase. Here, attacks rose by 35 percent from 60 in Q4 of 2025 to 81 in Q1 of 2026. Attacks on these types of companies remain a key focus for hackers due to the disruption they can cause to multiple companies via one central organization and the amount of data up for grabs.

In recent months, we’ve seen a number of huge data breaches as a result of attacks on this sector last year. They include Insightin Health, which notified more than 1.14 million people of its breach.

Transportation companies also saw a significant increase in attacks (up 29 percent from Q4 of 2025 to Q1 of 2026). This is in addition to the government-owned transportation companies noted above.

Following extensive attacks in recent months, attacks on manufacturers plateaued in the first quarter of 2026. Nevertheless, figures do remain high with 429 attacks in total (the highest in any sub-industry). Two attacks in Japan highlight why the manufacturing sector is another prime target for hackers. Akira’s attack on Swagerock Japan demonstrates the disruption these attacks can cause after order shipping was delayed by a week, while BlackShrantac’s attack on F-One Co., Ltd. shows how large the subsequent data breaches can be with 170,000 people impacted.

The most prolific ransomware strains in Q1 2026

Not much has changed throughout the start of 2026 when it comes to the top ransomware strains. Qilin continues to take the top spot with 353 attacks in total. The Gentlemen and Akira followed with 202 and 201 attacks, respectively.

Qilin also had the most confirmed attacks (23) but The Gentlemen wasn’t too far behind with 20 confirmed attacks.

Nine of Qilin’s confirmed attacks were carried out in the US, five in Germany, and the rest across eight different countries. Qilin’s confirmed attacks also target an array of industries but four attacks each were carried out on healthcare providers, manufacturers, and retailers. Three government entities were also targeted.

None of The Gentlemen’s confirmed attacks were on US entities, but across 15 different countries. Government entities, educational institutions, and healthcare providers also make up the majority of The Gentlemen’s confirmed attacks with five, four, and three attacks each, respectively.

PEAR claims to have stolen the most data with over 46 TB in total. 16 TB alone was said to have been stolen from Monmouth University.

Q1 2026 ransomware attacks by country

The US remained the biggest target for ransomware gangs in Q1 of 2026 with 1,041 attacks in total. This was a five percent decrease from Q4 of 2025 where 1,094 attacks were recorded.

Attacks in Canada and Germany also decreased quarter on quarter, falling by 14 percent and 16 percent, respectively.

In contrast, increases were seen in the United Kingdom (up 52 percent), Italy (up 72 percent), Brazil (up 20 percent), and Japan (up 52 percent).

Confirmed vs unconfirmed attacks

We label a ransomware attack as “confirmed” when a) the targeted organization publicly discloses an attack that involved ransomware, or b) the targeted organization publicly acknowledges a cyber attack that coincides with a claim made by a ransomware group. If a ransomware group claims that it successfully attacked an organization, but the organization never acknowledged an attack, then we label the attack as “unconfirmed”.

An attack might be unconfirmed because the ransomware group making the claim is lying, or because the targeted organization chose not to disclose the attack to the public. Ransomware groups post their attack claims on their respective websites, where the data is auctioned or released when organizations don’t meet their ransom demands.

Organizations in the US are required to disclose data breaches, which often result from ransomware attacks, to state officials when they meet certain thresholds. Not all countries have breach disclosure laws.

When an attack is confirmed, it is removed from our list of unconfirmed attacks. Therefore, we must allow for some changes in figures when comparing monthly figures, especially when using unconfirmed attacks. This is due to claims from ransomware groups often coming a month later than the attack was carried out–if not longer. For example, if a ransomware gang claims an attack in January 2025, it may later be confirmed as an attack in December 2024 and will, therefore, be attributed to a different quarter.