惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
云风的 BLOG
云风的 BLOG
Stack Overflow Blog
Stack Overflow Blog
MongoDB | Blog
MongoDB | Blog
腾讯CDC
V
V2EX
Martin Fowler
Martin Fowler
A
About on SuperTechFans
大猫的无限游戏
大猫的无限游戏
Blog — PlanetScale
Blog — PlanetScale
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
C
Check Point Blog
博客园 - 【当耐特】
Cisco Talos Blog
Cisco Talos Blog
The Hacker News
The Hacker News
K
Kaspersky official blog
Security Latest
Security Latest
H
Help Net Security
博客园_首页
美团技术团队
Spread Privacy
Spread Privacy
博客园 - 司徒正美
Hugging Face - Blog
Hugging Face - Blog
S
SegmentFault 最新的问题
G
Google Developers Blog
NISL@THU
NISL@THU
爱范儿
爱范儿
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
阮一峰的网络日志
阮一峰的网络日志
N
News and Events Feed by Topic
P
Privacy International News Feed
Application and Cybersecurity Blog
Application and Cybersecurity Blog
S
Security @ Cisco Blogs
Schneier on Security
Schneier on Security
雷峰网
雷峰网
人人都是产品经理
人人都是产品经理
V
Vulnerabilities – Threatpost
W
WeLiveSecurity
P
Palo Alto Networks Blog
G
GRAHAM CLULEY
Hacker News: Ask HN
Hacker News: Ask HN
I
InfoQ
The Cloudflare Blog
F
Full Disclosure
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
N
Netflix TechBlog - Medium

Comparitech

How to watch McGregor vs Holloway 2 (UFC 329) from anywhere Medical billing firm MCBS warns 300,000+ patients of data breach - Comparitech Colorado Health Network warns 68,000+ people of data breach that leaked SSNs, credit cards, and medical records - Comparitech Middletown, OH warns 123,000+ people of data breach that leaked SSNs, financial and medical info - Comparitech DeGoogling your life: What is it and how do you do it? How to opt out of Meta AI data collection - Comparitech Is CurseForge safe? Common risks and how to mod safely - Comparitech Cybercriminals say they hacked New South Wales Rural Fire Service - Comparitech Grandview School District warns 9,000+ people of data breach 21 months later - Comparitech Which industry & country has the worst email security? An analysis of 5,800+ domains for SPF, DMARC, DKIM & MTA-STS protocols - Comparitech Kootenai County, ID warns residents of government data breach that leaked personal info - Comparitech What is Kik? Is it safe for kids? - Comparitech Cybercriminals say they hacked Reynella East College - Comparitech Are UK council websites adhering to government security guidelines? - Comparitech Bellflower Unified Schools warns students of data breach that leaked SSNs - Comparitech What are location services and how do they work? - Comparitech How to bypass Xbox age verification - Comparitech What is a Minecraft dedicated IP? Do you need one? The best Discord alternatives in 2026 - Comparitech How to watch UFC Freedom 250: Stream UFC White House online Taos Mountain Casino warns of data breach that leaked SSNs Cybercriminals give Delano Public Schools two weeks to pay ransom How to fix ‘Your connection is not private’ in Chrome Plaza Home Mortgage warns 138,000 people of data breach that leaked SSNs How to watch the NBA Finals live online from anywhere Cybercriminals take credit for Singing River Health System data breach How Spammers Are Hiding Behind Google and the New York Times Ransomware roundup: May 2026 Iowa hospital warns 24,000+ people of data breach that leaked SSNs, medical and financial info 80K+ people notified of data breach at Louisiana university that leaked SSNs & bank info Finance firm IMA warns 525,000+ people of data breach Auto lender IAC warns 79,000+ people of data breach that leaked SSNs Sandstone, MN says SSNs and financial info compromised in ransomware data breach Las mejores herramientas de gestión de Active Directory Die besten Active-Directory-Management-Tools I Migliori Strumenti di Gestione di Active Directory Las mejores herramientas de gestión de logs Die besten Log-Management-Tools I migliori strumenti di log management Watching You, Funded by You: Number of CCTV Cameras by UK Council & Police Force Las mejores herramientas SIEM para alertas de seguridad automatizadas Die besten SIEM-Tools für automatisierte Sicherheitswarnungen I migliori strumenti SIEM per gli avvisi di sicurezza automatizzati Software maker warns 200,000 Frost Bank customers in Texas of data breach Oregon employment firm notifies 142,000+ people of two data breaches claimed by ransomware gangs Cybercriminals say they hacked Harrison County, WV commission, demand ransom Cybercriminals say they breached AdvancedHealth, Tennessee clinic confirms Fluke Corp notifies 18,000+ people of data breach that leaked SSNs What is Token-Based Authentication? Tokens Explained Western Orthopaedics warns 113,000+ people of data breach that leaked SSNs, credit cards, and medical info What is ARP? ARP protocol explained What is symmetric encryption? Crunchyroll VPN not working? Fix buffering, errors & region blocks American Lending Center notifies 123,000+ people of data breach that leaked SSNs How to watch Oleksandr Usyk vs Rico Verhoeven online Cybercriminals say they hacked CarePoint Health, stole data Ransomware gang claims attack and data theft from UK city school Horizon Media reports data breach of SSNs, cybercriminals take credit Claude VPNs (and how to use Claude safely) What is GhostPairing on WhatsApp? What is a prompt injection attack? Where do leaked passwords end up? A statistical analysis of the dark web’s credential pipeline Ransomware roundup: April 2026 Suffolk, VA warns 157,000+ people of data breach that leaked SSNs, finances How to watch UFC 328 (Chimaev vs Strickland) from anywhere Cybercriminals say they hacked Winona County, MN (again) Keeper vs 1Password: Which password manager is best in 2026? What is F-Droid? Is it safe? Proton VPN Secure Core: What is it, and should you use it? What is an agentic browser? Features and how to use them safely Sandhills Medical Foundation warns patients of data breach Cybercriminals say they hacked Massachusetts Development Finance Agency, its second breach in 2 years STELIA Aerospace confirms cyber attack on North American systems. $2.07 million ransom issued Debt collector Rodenburg Law Firm warns 81,307 people of data breach Healthcare ransomware roundup: Q1 2026 stats on attacks, ransoms, and data breaches How to block ads on Paramount Plus A complete guide to smart speaker privacy What is the Great Firewall of China Cybercriminals say they hacked Rusk County, WI What is a decentralized VPN? Do you need a dVPN? Southern Illinois Dermatology warns patients of data breach that leaked SSNs 92,000 people notified of data breach following cyber attack at Puerto Rican hospital Cybercriminals say they hacked Minidoka Memorial Hospital, demand ransom What is sensitive data? Types and how to protect yourself Inside RAMP: What a leaked database reveals about Russia’s ransomware marketplace What is a passphrase? Are they safer than passwords? Phoenix Art Museum warns of data breach that leaked SSNs Mozilla VPN vs NordVPN – VPN Comparison Guide Cookeville Regional Medical Center warns 338,000 people of data breach Antimalware vs Antivirus: What’s the difference? What is URL phishing? Examples and how to stay safe How to use a VPN in Bhutan (and the best options) Cybercriminals give Brockton, MA hospital one week to pay ransom after hack Is Truth Social safe? Everything you need to know What is cyberwarfare? Medical implant maker TriMed warns 80,000+ people of data breach Ransomware roundup: Q1 2026 Heart South Cardiovascular Group warns 46,000+ people of data breach Cybercriminals say they hacked Community College of Beaver County Critical Infrastructure at Risk: 179 ICS Devices Exposed Online
Ransomware Roundup: H1 2026 stats on attacks, ransoms, and active gangs - Comparitech
Rebecca Moody · 2026-07-02 · via Comparitech

Ransomware roundup_ H1 2026 mid-year report

Global ransomware attacks reached a new high in H1 of 2026 with an average of 23 attacks per day.

During the first six months of 2026, we logged 4,217 ransomware attacks. This is an 11 percent increase on the second half of 2025 (3,809).

DateTotal Attacks# of DaysAttacks per Day
H1 20242,45618213
H2 20243,17918417
H1 20253,70618120
H2 20253,80918421
H1 20264,21718123

Of these 4,217 attacks, 484 were confirmed by the targeted organizations. The rest were claimed by ransomware groups on their data leak sites but have not been publicly acknowledged by the targets.

Attacks on governments and businesses rose by 12 percent, while the healthcare sector saw a four percent increase. Attacks on education dropped by 13 percent.

Within the business sector, the manufacturing industry remains the most targeted, accounting for just over 22 percent of attacks across all businesses (822 in total). Here, attacks increased by 10 percent when compared to H2 of 2025 (750).

This increase wasn’t the largest, though. Transportation companies saw the biggest uptick in attacks (up 52%). Healthcare businesses–those operating within the sector but not providing direct care, e.g. pharmaceutical companies and billing providers–also saw a large increase in attacks (up 35%), as did retailers (up 28%) and tech companies (up 23%).

Also of note in H1 2026 was a decline in the number of attacks carried out in the US. Here, attacks dropped by eight percent when compared to H2 2025. This is likely due to the large number of claims made by The Gentlemen. Unlike many of its counterparts, The Gentlemen’s attacks aren’t heavily concentrated in the US. Just over 17 percent of its attacks were carried out on US organizations, compared to 47 percent of Qilin’s attacks.

The Gentlemen also rose to become the most prolific ransomware strain in June 2026, knocking Qilin off the top spot for the first time in many months. It claimed 115 victims in June alone, compared to 78 from Qilin.

Key findings for H1 2026 ransomware attacks

  • 484 confirmed ransomware attacks
    • 319 were on businesses
    • 83 were on government entities
    • 49 were on healthcare companies
    • 33 were on educational institutions
  • 3,733 unconfirmed attacks*
    • 3,356 were on businesses
    • 102 were on government entities
    • 198 were on healthcare companies
    • 71 were on educational institutions
  • 5,019,204 records compromised in the confirmed attacks
  • Median ransom demand: $150,000 (average: $1.36M)
  • Qilin was the most prolific ransomware group with 641 victims in total, followed by The Gentlemen (464) and Akira (317)
  • Qilin (54) and The Gentlemen (51) had the most confirmed attacks
  • The United States was the most targeted country with 1,832 attacks in total, followed by Canada (200), Germany (164), the United Kingdom (157), Italy (131), France (117), and Spain (100)
  • China saw one of the biggest upticks in attacks from H2 2025 to H1 2026 (up 540% from 5 to 30)

*6 attacks were on unknown companies that couldn’t be attributed to a specific sector.

Ransomware attacks by sector

We categorize attacks into four sectors: business, education, government, and healthcare. All sectors bar education saw an increase in attacks from H2 2025 to H1 2026.

Ransomware attacks on government agencies

  • 83 confirmed attacks
  • 102 unconfirmed attacks
  • Median ransom demanded = $100,000 (Average: $372,820)
  • 15 entities confirmed they hadn’t paid a ransom and one (Murray County in the US) confirmed it had paid its hackers $200,000

Ransomware attacks on healthcare

  • 49 confirmed attacks
  • 198 unconfirmed attacks
  • Median ransom demanded = $310,000 (Average: $6.15 million – due to NetRunner’s $100M demand on Nippon Medical, see below)
  • 5 entities confirmed they hadn’t paid a ransom (none confirmed to have paid)

Ransomware attacks on education

  • 33 confirmed attacks
  • 71 unconfirmed attacks
  • Median ransom demanded = $384,440 (Average: $412,750)
  • 4 entities confirmed they hadn’t paid a ransom (none confirmed to have paid)

Ransomware attacks on businesses

  • 316 confirmed attacks
  • 3,359 unconfirmed attacks
  • Median ransom demanded = $100,000 (Average: $732,200)
  • 9 entities confirmed they hadn’t paid a ransom and 2 confirmed they had paid (Instructure and Weil, Gotshal & Manges LLP in the US)

As we have already noted, some business sectors were more heavily targeted than others, including:

  • Manufacturing – 822 attacks recorded (inc. 81 confirmed) – UP 10% from H2 2025 (750)
  • Service-based businesses – 609 attacks recorded (inc. 38 confirmed) – similar to H2 2025 levels (605)
  • Retail – 326 attacks recorded (inc. 28 confirmed) – UP 28% from H2 2025 (254)
  • Technology – 323 attacks recorded (inc. 30 confirmed) – UP 23% from H2 2025 (263)
  • Finance – 257 attacks recorded (inc. 22 confirmed) – similar to H2 2025 levels (260)
  • Legal – 233 attacks recorded (inc. 14 confirmed) – UP 15% from H2 2025 (202)

The top 10 biggest ransom demands in H1 2026

According to our data, the following organizations saw the biggest ransom demands (across confirmed attacks) in the first half of 2026. Note that most companies and ransomware groups do not disclose their ransom demands, so data is limited.

  1. Nippon Medical School Musashi Kosugi Hospital, Japan – $100 million: NetRunner demanded this astronomical ransom from the Japanese healthcare company in February 2026. Perhaps unsurprisingly, the medical school refused to meet the demands.
  2. Weil, Gotshal & Manges LLP, US – $18 million to $20 million: In late May 2026, the US legal firm is reported to have paid up to $20 million to the Silent Ransom Group (sometimes referred to as Luna Moth) to have stolen data deleted.
  3. Jones Day, US – $13 million: Silent Ransom Group also issued a hefty ransom demand to US legal firm Jones Day in March 2026. There’s no evidence to suggest this was paid.
  4. UnoAerre Industries S.p.A., Italy – $4.48 million: The Italian manufacturer was issued with a $4.5 million demand by unknown hackers in May 2026. UnoArre refused to pay.
  5. Land and Agricultural Development Bank of South Africa (Land Bank) – $3.1 million: The government bank also refused to meet the ransom demands of its hackers (unknown) in January 2026.
  6. STELIA Aerospace North America Inc., Canada – $2.07 million: Rhysida issued the aerospace manufacturer with this ransom in April 2026 for 10 TB of stolen data. Stelia confirmed to Comparitech that the incident had been contained to the Stelia North America IT environment and didn’t impact its broader Airbus Atlantic network.
  7. TINYpulse (WebMD Health Services), US – $2 million: ShadowByt3$ issued the $2 million to Nintendo after it was caught up in this breach. The hackers said they had breached 859 MB of data via the third party (TINYpulse).
  8. Nidec Chaun-Choung Technology Corporation, Taiwan – $2 million: New ransomware group Blackfield came forward to claim this June 2026 attack on the Taiwanese manufacturer, issuing a $2 million ransom for 2 TB of stolen data.
  9. Delano Public Schools, US – $1.2 million: LockBit made various threats to the US school district after breaching its network in May 2026. Its demand of $1.2 million wasn’t met due to LockBit being a sanctioned organization, which legally ruled out any negotiations.
  10. Lørenskog kommune, Norway – $1.18 million: CMD Organization placed a 20 BTC ransom on the data it had said it had stolen from the Norwegian municipality during its attack in April 2026.

The top 5 biggest data breaches via ransomware in H1 2026

All five of the biggest reported data breaches from 2026 so far occurred in Japan. It’s important to note here that this doesn’t necessarily point toward Japan being subject to bigger breaches, but is more likely to be a result of a prompt and efficient data breach reporting system.

  1. Nippon Telenet Co., Ltd., Japan – 1,041,044 affected: Having noted a system failure on March 9, 2026, due to a ransomware attack, the utility company later confirmed that over 1 million pieces of personal information may have been involved in the attack. The hackers remain unknown.
  2. YCC Information Systems Co., Ltd. – 755,000 affected: As it stands, around 755,000 people were impacted in this attack on the Japanese tech company in April 2026. Various entities have confirmed they’ve been impacted in the breach, including Yamagata City where over 500,000 people were affected. Hackers unknown.
  3. CKC Network, Inc. and Gakusan Co., Ltd., Japan – 664,000 affected: The education provider was targeted in an attack by unknown hackers in May 2026.
  4. MEDICUS SHUPPAN, Publishers Co., Ltd, Japan – 641,000 affected: In March 2026, the publishing company was targeted in an attack that was later claimed by The Gentlemen. 641,000 entries of personal data were affected, which may include some duplicate entries for the same person).
  5. Anabuki Housing Service Co., Ltd., Japan – 207,773 affected: Initially, the housing agency said that approximately 496,000 pieces of personal information may have been involved in this attack in February 2026 (claimed by Qilin). In May, it revised this figure to 207,773.

Also in the top 10 are F-One Co., Ltd., Japan (170,000), Köfteci Yusuf, Turkey (163,000), Beacon Mutual Insurance Company, US (162,439), the City of Suffolk, US (157,725), and Plaza Home Mortgage, US (137,976).

The most prolific ransomware strains in H1 2026

Qilin takes the top spot overall with 641 attack claims, but in June it was overtaken for the first time in many, many months. In June 2026, Qilin added 78 victims to its data leak site. The Gentlemen added 115.

The Gentlemen has gained notoriety in recent months, with a large number of its attack claims confirmed. In June alone, it was confirmed as the gang behind seven attacks, including the one on Australia’s Mackay Sugar, which caused huge disruptions to its operations.

Looking at The Gentlemen’s confirmed attacks throughout the first half of 2026 (50 in total), governments were a key target (10 attacks confirmed) as were manufacturers (10 attacks confirmed).

Across Qilin’s confirmed attacks (54 in total), governments were also a focus (9), as was healthcare (8).

Ransomware attacks by country in H1 2026

The US was the most heavily targeted country in the first half of 2026 with 1,832 attacks recorded here in total. This was an eight percent decrease on H2 of 2025’s figure, though (1,985).

Out of all the countries that saw the highest number of attacks in H1 of 2026, the US was the only one to see a decline. As mentioned, this could be due to the high number of claims from The Gentlemen, which aren’t concentrated within the US, unlike other groups.

Canada had the second-highest figure (200), a four percent increase from H2 of 2025 (192). Germany, the United Kingdom, Italy, France, and Spain made up the rest of the top most targeted countries, with Italy seeing the biggest increase in attack levels (up 66%).

China saw one of the biggest influxes in attacks, rising by 540 percent from 5 in H2 of 2025 to 30 in H1 of 2026. Chile also saw a big increase (up 200%), as did Hong Kong (up 167%), Taiwan (up 161%), Czechia (up 150%), and South Africa (up 140%).

Confirmed vs unconfirmed attacks

We label a ransomware attack as “confirmed” when a) the targeted organization publicly discloses an attack that involved ransomware, or b) the targeted organization publicly acknowledges a cyber attack that matches a claim made by a ransomware group. If a ransomware group claims that it successfully attacked an organization, but the organization never acknowledged an attack, then we label the attack as “unconfirmed.”

An attack might be unconfirmed because the ransomware group making the claim is lying, or because the targeted organization chose not to disclose the attack to the public. Ransomware groups post their attack claims on their respective websites, where the data is auctioned or released when organizations don’t meet their ransom demands.

Organizations in the US are required to disclose data breaches, which often result from ransomware attacks, to state officials when they meet certain thresholds. Not all countries have breach disclosure laws.

When an attack is confirmed, it is removed from our list of unconfirmed attacks. Therefore, we must allow for some changes in figures when comparing monthly figures, especially when using unconfirmed attack claims. Claims from ransomware groups often come about a month after the attack, if not longer. For example, if a ransomware gang claims an attack in January 2025, it may later be confirmed as an attack in December 2024 and will, therefore, be attributed to a different month.

All data is derived from our worldwide ransomware tracker (updated daily) – here .