Global Ransomware Incidents Increase 48% in May 2026 - Mexico Business News

All Multimedia Expert Contributor Entrepreneurs Tech Talent Energy Oil & Gas Mining Health Automotive Aerospace Finance & Fintech Infrastructure Sustainability Professional Services E-Commerce & Retail Agribusiness & Food Logistics Mobility Trade & Investment Policy & Economy Cybersecurity AI, Cloud & Data Chemicals By Diego Valverde | Journalist & Industry Analyst - Tue, 06/16/2026 - 13:10 Global cyber-attack volumes moderated in May 2026, but ransomware incidents, GenAI-related data exposure risks, and travel-focused phishing campaigns expanded.   Global cyber attacks declined 7% month over month in May 2026, averaging 2,055 weekly attacks per organization, reports Check Point Research. However, ransomware incidents increased 48% year over year, while GenAI-driven data exposure and travel-sector phishing campaigns continued to expand across enterprise environments. The apparent decline in attack volumes does not indicate a reduction in cyber risk. According to Check Point Research, threat actors continue to adjust their timing, infrastructure, and targeting strategies as organizations expand their digital footprints and adopt new technologies. "Short-term volume moderation does not equal reduced risk," says the company. "Adversaries keep recalibrating timing, tools, and targeting, and May is a clear example of that pattern." The latest threat intelligence data from Check Point Research shows that cyber activity is evolving beyond simple attack-volume measurements. While overall attack frequency softened from April's rebound, several indicators point to a restructuring of the threat landscape rather than a slowdown. Education remained the most targeted industry globally, recording an average of 4,641 weekly cyber attacks per organization in May, a 7% increase compared to the same period last year. Government organizations followed with 2,620 weekly attacks, while telecommunications companies recorded 2,583. More notable shifts occurred in sectors that historically received less attention from threat actors. Agriculture experienced a 51% year-over-year increase, reaching 2,243 weekly attacks per organization. Hospitality, travel, and recreation rose 24% to 2,291 weekly attacks, while construction and engineering increased 23% to 1,999. According to Check Point Research, growing digitalization across these industries, combined with the widespread availability of automated attack tools, has expanded the attack surface available to cybercriminals. Regionally, Latin America remained the most targeted geography, averaging 3,149 weekly attacks per organization, up 13% year over year. The data reflects a pattern in which digital transformation initiatives continue to advance faster than cybersecurity maturity across many organizations. At the same time, enterprises are facing additional risks associated with GenAI adoption. Check Point Research found that one in every 25 GenAI prompts submitted from enterprise networks carried a high risk of sensitive data leakage. Furthermore, 91% of organizations using GenAI tools were exposed to this risk category, while 22% of prompts contained potentially sensitive information. Ransomware Reaches Highest Growth Rate of 2026 The most significant development during May was the acceleration of ransomware activity. Check Point Research recorded 698 publicly reported ransomware attacks worldwide, compared with 472 incidents in May 2025, representing a 48% year-over-year increase and the fastest ransomware growth rate observed during 2026. The increase was distributed across all major regions. Asia recorded a 119% increase, the European Union, the Middle East, and Africa increased 40%, and the Americas rose 39%. Business services organizations were the most affected segment, accounting for 35% of all ransomware victims. Reported incidents within the sector increased from 54 to 248 in a single year, representing growth of 359%. Consumer goods and services recorded a 223% increase, while industrial manufacturing experienced a 50% rise. North America accounted for 49% of reported ransomware victims globally. The European Union represented 22%, and Asia-Pacific represented 19%. The United States alone accounted for 43% of all reported ransomware victims worldwide. The ransomware ecosystem also became increasingly fragmented. While the three most active groups accounted for 39% of reported incidents, an additional 58 groups remained operational during May. According to Check Point Research, Qilin led all ransomware operators, accounting for 14% of published attacks. The Gentlemen ranked second with 10%, despite having no recorded activity during May 2025. DragonForce ranked third with 8% after expanding its affiliate network throughout the first months of 2026. Travel Industry Becomes a Prime Target for Phishing  Beyond ransomware, researchers identified a parallel increase in travel-related cybercrime as the summer vacation season approached. The hospitality, travel, and recreation sector has experienced one of the fastest increases in cyber attacks globally. Attack volumes more than doubled over the last three years, rising from 1,032 weekly attacks per organization in May 2023 to 2,291 in May 2026, representing cumulative growth of 122%. Check Point Research attributes the trend to the concentration of personal, financial, and travel-related information handled by the sector, combined with seasonal booking surges that create opportunities for social engineering campaigns. In May 2026 alone, researchers identified 47,318 newly registered travel-related domains, a 33% increase from April and 19% higher than May 2025. One out of every 112 domains was already classified as malicious or suspicious. The investigation uncovered multiple large-scale phishing infrastructure campaigns. These included hundreds of hotel-themed domains, travel reward scams impersonating financial brands, and domain-saturation campaigns targeting travel companies across dozens of top-level domains. Researchers also identified active phishing websites impersonating major travel platforms, including Booking.com, Airbnb, and Skyscanner. These fraudulent websites were designed to collect login credentials, payment information, and booking deposits from travelers. The findings highlight a broader trend affecting both consumers and enterprises. Travel-related phishing campaigns increasingly target employees who access corporate systems while traveling, creating additional exposure for organizations beyond direct financial fraud. Check Point Research recommends that organizations strengthen employee awareness programs, implement multifactor authentication, monitor GenAI usage policies, and reinforce ransomware preparedness measures.  Photo by:   Unsplash TAGS: Cybersecurity ransomware Check Point GenAI AI Security Data Privacy Cloud Security Digital Transformation cyberattacks Defensive AI Phishing Travel Industry YOU MAY LIKE Global Ransomware Incidents Increase 48% in May 2026 Why Nonprofits Have Become Prime Targets in Modern Cyber Conflict Ransomware Trends: Bypassing Security With Rapid Attacks Cybercrime “Industrialization” Keep Growing in Latin America Latin America Leads Globally in Ransomware Attacks AI Industrializes Cybercrime, Ransomware Surges 389%: Fortinet Lack of CISOs Leaves Companies Worldwide Exposed to Cyber Risks Cybersecurity Prioritizes Identities, Resilience: NTT DATA MOST POPULAR Agribusiness & Food Tomato, Potato Prices Drive Up Mexico’s Food Costs E-Commerce & Retail Mercado Libre Commits US$4.6 Billion to Mexico, Adds 8,500 Jobs Chemicals PEMEX Commits MX$93 Billion to Rebuild Petrochemicals Sustainability Ellen MacArthur Launches Bio-Based Circular Economy Guide Sustainability Google, American Airlines Sign Landmark SAF Agreement Automotive Mexico Auto Logistics Grow on Nearshoring Demand Oil & Gas PEMEX April Exports: Europe Overtakes the Americas Av. Paseo de la Reforma 180, piso 20, Col. Juárez, Cuahutémoc, 06600, Ciudad de México. Follow Us Our Categories Entrepreneurs Tech Talent Energy Oil & Gas Mining Health Automotive Aerospace More Finance & Fintech Infrastructure Sustainability Professional Services E-Commerce & Retail Agribusiness & Food Logistics Mobility Trade & Investment Policy & Economy Cybersecurity AI, Cloud & Data Chemicals © 2025 Mexicobusiness.News. A Mexico Business Company. All Rights Reserved.