Ransomware Attacks Have Soared 30% in Recent MonthsRansomware Attacks Have Soared 30% In Recent MonthsSatnam Narang: We Have Only Scratched The Surface of AI by The Cyber Express by Cyble

Ransomware attacks have soared 30% since late last year, and they’ve continued that trend so far in 2026, with many of the attacks affecting software and manufacturing supply chains. Those are some of the takeaways of new research published by Cyble today, which also looked at the top ransomware groups, significant ransomware attacks, new ransomware groups, and recommended cyber defenses. Ransomware groups claimed 2,018 attacks in the last three months of 2025, averaging just under 673 a month to end a record-setting year. The elevated attack levels continued in January 2026, as the threat groups claimed 679 ransomware victims. In the first nine months of 2025, ransomware groups claimed an average of 512 victims a month, so the recent trend has been more than 30% above that, Cyble noted. Qilin was once again the top ransomware group, claiming 115 victims in January. CL0P was second with 93 victims after claiming “scores of victims” in recent weeks in an as-yet unspecified campaign. Akira remained among the leaders with 76 attacks, and newcomers Sinobi and The Gentlemen rounded out the top five. CL0P’s recent campaign was a factor in both of those increases. Victims in the latest campaign have included 11 Australia-based companies spanning a range of sectors such as IT, banking and financial services (BFSI), construction, hospitality, professional services, and healthcare. Cyble documented 10 significant ransomware attacks from January, many of which had supply chain implications, including attacks on a major U.S. manufacturer of telecommunications equipment, an India-based IT services company, and a Hong Kong–based components manufacturer. Cyble also documented the rise of three new ransomware groups: Green Blood, DataKeeper and MonoLock.