Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month

Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month - Infosecurity Magazine Infosecurity Magazine Home » News » Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month Just Three Ransomware Gangs Accounted for 40% of Attacks Last Month News 10 April 2026 Written by Danny Palmer Deputy Editor , Infosecurity Magazine Just three ransomware groups were responsible for almost half of all ransomware attacks during the last month, analysis of reported incidents has revealed. According to cybersecurity analysts at Check Point, a total of 672 ransomware incidents were reported during March 2026, representing an increase in attacks compared with the previous month. The figures, released on April 9, detailed how three ransomware operations dominated the attack landscape, as they accounted for 40% of incidents. Qilin ransomware group alone was responsible for 20% of ransomware attacks. The ransomware-as-a-service (RaaS) operation has been active since 2022 and remains a prominent cyber threat. Since early 2025, Qilin has significantly expanded affiliate recruitment and victim disclosures, which last year included a disruptive ransomware attack on global brewing giant Asahi . During the same period, Akira ransomware accounted for 12% of all ransomware attacks. Akira has remained a threat since it first appeared in 2023 and the ransomware group has extorted hundreds of millions of dollars in ransom payments . The group targets Windows, Linux, and ESXi systems and has shown an increased preference for targeting organizations in the business services and industrial manufacturing sectors. Akira has continued to evolve its capabilities, researchers recently disclosed how the ransomware is now capable of completing all stages of an attack in under one hour from the initial compromise. Dragonforce RaaS was responsible for 8% of ransomware attacks during March. According to Check Point, Dragonforce’s activity accelerated, something which researchers attributed to absorption of displaced RansomHub affiliates and a spike in social engineering campaigns. Half of Ransomware Attacks Target the US While the top three malicious actors accounted for 40% of incidents, a total of 47 different ransomware groups publicly impacted organizations worldwide during the period. Organizations in the United States accounted for just over half (52%) of victims. “Attackers continue refining precision, timing, and targeting, exploiting seasonal cycles, emerging technologies, and operational blind spots,” said Check Point research. Ransomware remains one of the most persistent and potentially cyber threats to organizations around the world . Despite being a known cybersecurity issue for at least a decade, attacks have become more disruptive, difficult to fix and financially costly. Steps organizations can take to make the network robust against ransomware attacks include applying security patches and updates, enforcing multi-factor authentication on user accounts, and ensuring that the security team is well-resourced and has enough time to detect and examine potential red flags which might indicate attacks are in the network, prior to the ransomware being executed. You may also like Qilin Ransomware Gang Claims Asahi Cyber-Attack News 7 October 2025 Ransomware Attacks Fall in April Amid RansomHub Outage News 5 May 2025 London Ransomware Attack Led to 1500 Cancelled Appointments and Operations News 17 June 2024 Ransomware Rising Despite Takedowns, Says Corvus Report News 30 April 2024 UK Logistics Firm Forced to Close After Ransomware Breach News 28 September 2023 What’s Hot on Infosecurity Magazine? Read Shared Watched Editor's Choice Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings News 9 April 2026 1 Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities News 8 April 2026 2 Middle East Hack-for-Hire Operation Traced to South Asian Cyber Espionage Group News 9 April 2026 3 Iran‑Backed Threat Actors Hit US CNI Providers via Internet‑Facing OT Assets News 8 April 2026 4 STX RAT Targets Finance Sector With Advanced Stealth Tactics News 9 April 2026 5 Google Warns of New Threat Group Targeting BPOs and Helpdesks News 9 April 2026 6 The Death of the SIEM: Why Modern Security Demands a New Data Strategy Blog 31 March 2026 1 How Security Leaders Can Safeguard Against Vibe Coding Security Risks News Feature 6 April 2026 2 Anthropic Launches Project Glasswing to Use AI to Find and Fix Critical Software Vulnerabilities News 8 April 2026 3 Researchers Observe Sub-One-Hour Ransomware Attacks News 2 April 2026 4 Russian APT28 Hackers Hijack Routers to Steal Credentials, UK Security Agency Warns News 7 April 2026 5 Over $17bn Lost to Cyber Fraud in the Last Year, Warns FBI News 7 April 2026 6 Why Resilience‑Focused Cloud Design Is Your Best Defense Against Modern Attacks Webinar 18:00 — 19:00, 9 April 2026 1 How to Maintain the Intelligence Edge in a Disrupted Threat Landscape Webinar 15:00 — 16:00, 12 March 2026 2 How to Recover From a Cyber-Attack: A Step-by-Step Playbook Webinar 11:00 — 11:30, 24 March 2026 3 How To Enhance Security Operations with AI-Powered Defenses Webinar 15:00 — 16:00, 26 February 2026 4 How Trusted Time Strengthens Network Security Webinar 15:00 — 16:00, 19 February 2026 5 Securing M365 Data and Identity Systems Against Modern Adversaries Webinar 15:00 — 16:00, 22 January 2026 6 Exclusive Interview with OpenClaw's Security Advisor Podcast 13 March 2026 1 How Allianz Cyber Educator Daria Catalui Puts People First to Build a Human Firewall Interview 23 March 2026 2 Why Resilience‑Focused Cloud Design Is Your Best Defense Against Modern Attacks Webinar 18:00 — 19:00, 9 April 2026 3 AI Security and Governance Virtual Summit Virtual Summit 14:10 — 18:50, 28 April 2026 4 High-Tech Sector Overtakes Finance as Top Target for Cyber-Attacks, Mandiant Reports News 23 March 2026 5 Tycoon2FA Phishing Service Resumes Activity Post-Takedown News 23 March 2026 6 Close