惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

T
Threatpost
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
Visual Studio Blog
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Forbes - Security
Forbes - Security
人人都是产品经理
人人都是产品经理
N
Netflix TechBlog - Medium
Recent Commits to openclaw:main
Recent Commits to openclaw:main
WordPress大学
WordPress大学
Webroot Blog
Webroot Blog
Jina AI
Jina AI
H
Hacker News: Front Page
Attack and Defense Labs
Attack and Defense Labs
T
Troy Hunt's Blog
TaoSecurity Blog
TaoSecurity Blog
AI
AI
Hacker News - Newest:
Hacker News - Newest: "LLM"
Google Online Security Blog
Google Online Security Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Help Net Security
Help Net Security
美团技术团队
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
博客园 - 叶小钗
P
Privacy International News Feed
A
Arctic Wolf
IT之家
IT之家
云风的 BLOG
云风的 BLOG
S
Security Affairs
Simon Willison's Weblog
Simon Willison's Weblog
The Cloudflare Blog
博客园 - 司徒正美
Vercel News
Vercel News
C
Cyber Attacks, Cyber Crime and Cyber Security
SecWiki News
SecWiki News
K
Kaspersky official blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
N
News and Events Feed by Topic
S
Schneier on Security
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
有赞技术团队
有赞技术团队
PCI Perspectives
PCI Perspectives
F
Fortinet All Blogs
T
Tenable Blog
Spread Privacy
Spread Privacy
T
The Blog of Author Tim Ferriss
S
Securelist
L
LangChain Blog
Latest news
Latest news
Cloudbric
Cloudbric
博客园 - 三生石上(FineUI控件)

Comparitech

How to watch McGregor vs Holloway 2 (UFC 329) from anywhere Medical billing firm MCBS warns 300,000+ patients of data breach - Comparitech Ransomware Roundup: H1 2026 stats on attacks, ransoms, and active gangs - Comparitech Colorado Health Network warns 68,000+ people of data breach that leaked SSNs, credit cards, and medical records - Comparitech Middletown, OH warns 123,000+ people of data breach that leaked SSNs, financial and medical info - Comparitech DeGoogling your life: What is it and how do you do it? How to opt out of Meta AI data collection - Comparitech Is CurseForge safe? Common risks and how to mod safely - Comparitech Cybercriminals say they hacked New South Wales Rural Fire Service - Comparitech Grandview School District warns 9,000+ people of data breach 21 months later - Comparitech Which industry & country has the worst email security? An analysis of 5,800+ domains for SPF, DMARC, DKIM & MTA-STS protocols - Comparitech Kootenai County, ID warns residents of government data breach that leaked personal info - Comparitech What is Kik? Is it safe for kids? - Comparitech Cybercriminals say they hacked Reynella East College - Comparitech Are UK council websites adhering to government security guidelines? - Comparitech Bellflower Unified Schools warns students of data breach that leaked SSNs - Comparitech What are location services and how do they work? - Comparitech How to bypass Xbox age verification - Comparitech What is a Minecraft dedicated IP? Do you need one? The best Discord alternatives in 2026 - Comparitech How to watch UFC Freedom 250: Stream UFC White House online Taos Mountain Casino warns of data breach that leaked SSNs Cybercriminals give Delano Public Schools two weeks to pay ransom How to fix ‘Your connection is not private’ in Chrome Plaza Home Mortgage warns 138,000 people of data breach that leaked SSNs How to watch the NBA Finals live online from anywhere Cybercriminals take credit for Singing River Health System data breach How Spammers Are Hiding Behind Google and the New York Times Ransomware roundup: May 2026 Iowa hospital warns 24,000+ people of data breach that leaked SSNs, medical and financial info 80K+ people notified of data breach at Louisiana university that leaked SSNs & bank info Finance firm IMA warns 525,000+ people of data breach Auto lender IAC warns 79,000+ people of data breach that leaked SSNs Sandstone, MN says SSNs and financial info compromised in ransomware data breach Las mejores herramientas de gestión de Active Directory Die besten Active-Directory-Management-Tools I Migliori Strumenti di Gestione di Active Directory Las mejores herramientas de gestión de logs Die besten Log-Management-Tools I migliori strumenti di log management Watching You, Funded by You: Number of CCTV Cameras by UK Council & Police Force Las mejores herramientas SIEM para alertas de seguridad automatizadas Die besten SIEM-Tools für automatisierte Sicherheitswarnungen I migliori strumenti SIEM per gli avvisi di sicurezza automatizzati Software maker warns 200,000 Frost Bank customers in Texas of data breach Oregon employment firm notifies 142,000+ people of two data breaches claimed by ransomware gangs Cybercriminals say they hacked Harrison County, WV commission, demand ransom Cybercriminals say they breached AdvancedHealth, Tennessee clinic confirms Fluke Corp notifies 18,000+ people of data breach that leaked SSNs What is Token-Based Authentication? Tokens Explained Western Orthopaedics warns 113,000+ people of data breach that leaked SSNs, credit cards, and medical info What is ARP? ARP protocol explained What is symmetric encryption? Crunchyroll VPN not working? Fix buffering, errors & region blocks American Lending Center notifies 123,000+ people of data breach that leaked SSNs How to watch Oleksandr Usyk vs Rico Verhoeven online Cybercriminals say they hacked CarePoint Health, stole data Ransomware gang claims attack and data theft from UK city school Horizon Media reports data breach of SSNs, cybercriminals take credit Claude VPNs (and how to use Claude safely) What is GhostPairing on WhatsApp? What is a prompt injection attack? Where do leaked passwords end up? A statistical analysis of the dark web’s credential pipeline Suffolk, VA warns 157,000+ people of data breach that leaked SSNs, finances How to watch UFC 328 (Chimaev vs Strickland) from anywhere Cybercriminals say they hacked Winona County, MN (again) Keeper vs 1Password: Which password manager is best in 2026? What is F-Droid? Is it safe? Proton VPN Secure Core: What is it, and should you use it? What is an agentic browser? Features and how to use them safely Sandhills Medical Foundation warns patients of data breach Cybercriminals say they hacked Massachusetts Development Finance Agency, its second breach in 2 years STELIA Aerospace confirms cyber attack on North American systems. $2.07 million ransom issued Debt collector Rodenburg Law Firm warns 81,307 people of data breach Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches How to block ads on Paramount Plus A complete guide to smart speaker privacy What is the Great Firewall of China Cybercriminals say they hacked Rusk County, WI What is a decentralized VPN? Do you need a dVPN? Southern Illinois Dermatology warns patients of data breach that leaked SSNs 92,000 people notified of data breach following cyber attack at Puerto Rican hospital Cybercriminals say they hacked Minidoka Memorial Hospital, demand ransom What is sensitive data? Types and how to protect yourself Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace What is a passphrase? Are they safer than passwords? Phoenix Art Museum warns of data breach that leaked SSNs Mozilla VPN vs NordVPN – VPN Comparison Guide Cookeville Regional Medical Center warns 338,000 people of data breach Antimalware vs Antivirus: What’s the difference? What is URL phishing? Examples and how to stay safe How to use a VPN in Bhutan (and the best options) Cybercriminals give Brockton, MA hospital one week to pay ransom after hack Is Truth Social safe? Everything you need to know What is cyberwarfare? Medical implant maker TriMed warns 80,000+ people of data breach Ransomware roundup: Q1 2026 Heart South Cardiovascular Group warns 46,000+ people of data breach Cybercriminals say they hacked Community College of Beaver County Critical Infrastructure at Risk: 179 ICS Devices Exposed Online
Ransomware roundup: April 2026
Rebecca Mood · 2026-05-05 · via Comparitech

Ransomware roundup_ April 2026

In April 2026, ransomware attacks dropped by nearly 22 percent, falling to the lowest level in six months. A total of 628 ransomware attacks were recorded in April, following a peak in March (801).

Attacks on government entities decreased significantly with less than half the number reported in April (19) compared to March (41).

The only sector that didn’t see a decline was the healthcare sector. Here, attacks increased by nearly 10 percent, rising from 41 in March to 45 in April.

Within the business sector, attacks declined across all industries bar one – healthcare. Attacks on businesses operating within the healthcare sector (e.g. pharmaceutical/medical device manufacturers and healthcare tech companies) remained at a consistent level – 31 attacks were recorded in both March and April 2026.

As our recent Q1 healthcare ransomware report found, both healthcare providers and healthcare businesses remain a key target for hackers.

Prime examples in April include the attack on healthcare provider Signature Healthcare and Dutch healthcare tech company ChipSoft.

The attack on Signature Healthcare forced the hospital to resort to downtime procedures, divert ambulances, and cancel chemotherapy appointments. Anubis claimed the attack and said it stole 2 TB of data. The attack on ChipSoft caused mass disruption, impacting the company’s electronic health record (EHR) platform, used by around 80 percent of hospitals in the Netherlands. Patient data was also deleted. Ransomware group Embargo claimed the attack and theft of 100 GB of data.

April’s dip in attacks can be attributed somewhat to a dip in claims from the most dominant strain of recent months – Qilin. The group’s claims dropped by 28 percent from March (145) to April (105).

Key findings for April 2026

  • 628 attacks in total — 43 confirmed attacks (confirmed by the entity involved)
  • Of the 43 confirmed attacks:
    • 27 were on businesses
    • 8 were on government entities
    • 4 were on healthcare companies
    • 4 were on educational institutions
  • Of the 585 unconfirmed attacks:
    • 524 were on businesses
    • 11 were on government entities
    • 41 were on healthcare companies
    • 9 were on educational institutions
  • The most prolific ransomware gangs were Qilin (105), The Gentlemen (67), and DragonForce (60)
  • INC had the most confirmed attacks (5), followed by Payload and The Gentlemen (4 each), and LockBit and DragonForce (3 each)
  • Nearly 125 TB of data was stolen across all of these attacks
  • The US saw the most attacks (260), followed by Canada (32), the United Kingdom (30), and Germany (29)

Ransomware attacks by sector

Healthcare

Attacks on healthcare providers increased by 10 percent from March 2026 to April 2026, rising from 41 to 45. Four attacks were confirmed in April.

Three of the confirmed attacks took place in the United States. As well as Signature Healthcare (noted above), Minidoka Memorial Hospital noted disruptions to its systems following an attack over Easter weekend. New group, Blackwater, claimed the attack, saying it stole 577 GB from the hospital.

An attack on Advanced Diagnostic Imaging (AdvancedHEALTH) was confirmed over the weekend after one of its clinics (Columbia Surgical Partners) said it was unable to access electronic medical records. The hackers are unknown.

In Australia, the Bendigo & District Aboriginal Co-operative was targeted in early April but services to the community weren’t significantly impacted. INC claimed this attack.

Blackwater lists Minidoka Memorial Hospital on its data leak site.
Blackwater lists Minidoka Memorial Hospital on its data leak site.

During the first four months of 2026, we’ve recorded 165 attacks on the healthcare sector. This is a 10 percent increase from the same period of 2025 (150). 31 attacks throughout 2026 have been confirmed.

Government

Attacks on government entities dropped dramatically in April 2026, falling from 41 in March 2026 to 19 in April (54%). Eight attacks in April have been confirmed to date.

Four attacks were confirmed in the US. Three of these (Kent District Library, the City of Ardmore, and Adams County) haven’t been claimed by a group as of yet. Yesterday, the City of Ardmore confirmed it hadn’t met its hackers’ ransom demands of $300,000, meaning we’ll likely see a claim from a group soon if data has been stolen.

Interlock claimed an attack on Winona County — the second attack suffered by the Minnesota county in 2026. Interlock said it had stolen 1.9 TB of data.

Interlock lists Winona County, MN on its data leak site.
Interlock lists Winona County, MN, on its data leak site.

Elsewhere, Anderlues la Commune in Belgium was targeted by The Gentlemen. Another attempt was made on the municipality a week later but this was unsuccessful. Dorotea Kommun in Sweden was targeted by INC and the Rural Municipality of Gimli in Canada was targeted by Payload. German local authority Verbandsgemeinde Sprendlingen-Gensingen confirmed an attack but the hackers remain unknown.

From January to April 2026, we’ve noted 120 attacks on government entities – a 23 percent decrease from the same period of 2025 (156). 49 attacks have been confirmed in 2026 so far.

Education

Attacks on the education sector dipped by 32 percent in April 2026, dropping to 13 from 19 in March 2026. Four attacks were confirmed in April.

Two of the confirmed attacks were claimed by Payload. Franziskusschule Wilhelmshaven in Germany and B3 Bruck an der Mur in Austria. The latter confirmed no ransom was paid.

KRYBIT claimed an attack on Hong Kong school The Church of Christ in China Kei To Secondary School, while the hackers remain unknown in an attack on Spring Lake Park School District in the US.

2026 so far (up to April) has seen 68 attacks on the education sector – a drop of 31 percent (from 99) in the same period of 2025. Throughout 2026, 21 attacks have been confirmed.

Businesses

551 attacks on businesses were recorded in April 2026, a drop of 21 percent from March 2026 (698). 27 attacks were confirmed in April.

As we have already noted, attacks on businesses operating within the healthcare sector remained at a consistent level last month. 31 attacks were recorded in both March and April 2026.

Alongside ChipSoft, three other attacks were also confirmed:

  • Nordenta A/S, Denmark – claimed by Kairos with 1.68 TB allegedly stolen
  • MomCreate Co., Ltd. (CureSmile), Japan – unknown hackers
  • Kukje Pharm Co., Ltd., South Korea – claimed by Gunra with 54 GB allegedly stolen

Eight attacks were also confirmed on manufacturers with two of these claimed by The Gentlemen (Gem Terminal Industry Co., Ltd., Taiwan, and Heinrich Kopp GmbH, Germany) and two by LockBit (Pricon Microelectronics, Inc., Philippines, and Shun Hing Systems Integration Co., Ltd., Hong Kong).

DragonForce claimed an attack on Lift AG, Switzerland, where systems were stabilized after four days. And Rhysida added STELIA Aerospace North America Inc. to its data leak site, issuing a $2.07 million ransom for 10 TB of data.

Grand Process Technology Corporation, Taiwan, and Shin FA-COM Co., Ltd., Japan, also confirmed attacks but the hackers remain unknown.

Another tech company, YCC Information Systems Co., Ltd. in Japan also confirmed an attack last month with a number of its customers warning of data breaches. At the time of writing, nearly 755,000 people are thought to have been impacted. Hackers unknown.

From January to April of this year, we’ve noted 2,500 attacks on businesses worldwide, an increase of eight percent from the same period in 2025 (2,315).

The most prolific ransomware groups in April 2026

Remaining at the top spot is Qilin with 105 claims throughout April 2026. However, this figure was a 28 percent decline from the number of claims made in March 2026 (145).

In contrast, attacks by The Gentlemen remained relatively consistent (67 in April compared to 70 in March), while DragonForce upped the ante with its claims rising by more than 11 percent from 54 in March to 60 in April.

Other gangs with significant increases in attacks in April were PEAR (up 100 percent from 6 to 12) and Payload (up 21 percent from 14 to 17).

Payload and also saw the second-highest number of confirmed attacks (alongside The Gentlemen). As well as the three attacks via Payload mentioned above (Franziskusschule Wilhelmshaven, B3 Bruck an der Mur, and Rural Municipality of Gimli), it also claimed responsibility for an attack on the Jamaican finance company, JOH Investments Limited.

INC had the highest number of confirmed attacks with German construction company Berge-Bau GmbH & Co. KG, Singaporean water damage restoration company BELFOR (Asia) Pte Ltd, and utilities company Mastercom Australia, all confirming attacks (as well as Bendigo & District Aboriginal Co-operative and Dorotea Kommun mentioned above).

Only one attack was confirmed for Qilin, which was Travel Expert (Asia) Enterprises Limited in Singapore.

April 2026 ransomware attacks by country

The US was the top target last month with 260 attacks in total. This was a 31 percent decrease from March 2026 (379).

Canada saw the second-highest number of attacks (32), which was a 23 percent increase from March (26). Two attacks (STELIA and the Rural Municipality of Gimli) were confirmed.

The United Kingdom also saw an increase in attacks, rising from 27 in March to 30 in April. One attack was confirmed here on automotive data expert, Autovista. The attack, which took place on April 11, 2026, caused significant disruptions to systems across Europe and Australia. Restoration is ongoing but nearly complete as of May 4.

Australia also saw an increase in attacks (up 45%), as did Germany (up 7%), while attacks declined in Italy (down 8%), France (down 34%), and Spain (down 11%).

Data breaches confirmed in April 2026

As well as the significant breach reported by YCC Information Systems Co., Ltd., a number of other companies reported breaches in April 2026. The largest of these are:

  • Sandhills Medical Foundation, Inc. – notifying 169,017 people of a breach from May 2025. Claimed by INC
  • Southern Illinois Dermatology – notifying 160,312 people of a breach from November 2025. Claimed by Insomnia
  • City of Suffolk – notifying 157,725 people of a breach from February 2026. Claimed by Cloak with 2.5 TB stolen
  • Rodenburg Law Firm – notifying 81,307 people of a breach from August 2025. Claimed by Akira with 144 GB stolen

Confirmed vs unconfirmed attacks

We label a ransomware attack as “confirmed” when a) the targeted organization publicly discloses an attack that involved ransomware, or b) the targeted organization publicly acknowledges a cyber attack that coincides with a claim made by a ransomware group. If a ransomware group claims that it successfully attacked an organization, but the organization never acknowledged an attack, then we label the attack as “unconfirmed”.

An attack might be unconfirmed because the ransomware group making the claim is lying, or because the targeted organization chose not to disclose the attack to the public. Ransomware groups post their attack claims on their respective websites, where the data is auctioned or released when organizations don’t meet their ransom demands.

Organizations in the US are required to disclose data breaches, which often result from ransomware attacks, to state officials when they meet certain thresholds. Not all countries have breach disclosure laws.

When an attack is confirmed, it is removed from our list of unconfirmed attacks. Therefore, we must allow for some changes in figures when comparing monthly figures, especially when using unconfirmed attacks. This is due to claims from ransomware groups often coming a month later than the attack was carried out–if not longer. For example, if a ransomware gang claims an attack in January 2026, it may later be confirmed as an attack in December 2025 and will, therefore, be attributed to a different month.

You can view all attacks, from 2018 to present via our worldwide ransomware tracker here.