Ransomware Attacks up 20% Year-Over-Year

Small and medium-sized businesses bore the brunt of ransomware activity. However, attacks against large enterprises surged by 74%.

Marina M Headshot
Adam121 Adobe Stock 315095274
adam121 AdobeStock_315095274

The latest findings from NordStellar reveal that ransomware attack volumes remained high from April to June 2026, sustaining the elevated baseline. The analysis also points to an intensifying fight for dominance between the two most active ransomware groups, The Gentlemen and Qilin, as well as a notable shift in victim targeting.

“The slight decrease in attacks shouldn’t be a sign to relax just yet,” says Vakaris Noreika, cybersecurity expert at NordStellar. “Ransomware accelerated in the last quarter of 2025, reaching record highs, and although the number of attacks has been slightly decreasing every quarter this year, we are now seeing a new alarming baseline of about 2,500 attacks per quarter.”

Key takeaways:

 

·       Nearly 2,581 ransomware incidents were recorded during April-June, reflecting a slight 4% decrease from 2,676 incidents recorded in Q1 2026. However, the attacks remain at a heightened baseline, indicating sustained threat activity.

·       A total of 5,257 ransomware attacks were recorded during January-June 2026. This marks a 20% increase from the 4,387 attacks recorded during the same period last year, signaling that the ransomware threat is growing despite quarterly fluctuations.

·       Qilin emerged as the most active ransomware group in Q2 with 299 attacks, followed closely by The Gentlemen with 284 attacks. Activity from other groups trailed significantly, with DragonForce ranking third at 147 attacks.

·       Small and medium-sized businesses (SMBs) — those with up to 200 employees and revenues under $25 million — bore the brunt of ransomware activity. However, attacks against large enterprises with revenues exceeding $1 billion surged by 74%, rising from 23 incidents in the first quarter to 40 incidents during the second.

·       The data also reveals that ransomware actors continue to primarily target companies in the United States, with 769 recorded ransomware cases in Q2 2026. The United States was followed by Canada with 97 cases, then Germany with 83 cases, the United Kingdom with 74 cases, and France with 51 cases.

·       Companies in manufacturing were hit the hardest, making up for 19.5% of all attacks. The information technology sector came second (10.7% of attacks), followed by professional, scientific, and technical services (8.3%), construction (7%), and healthcare (6.2%).

·       Ransomware actors utilize various schemes to coerce victims into payment, with 76.8% of ransomware negotiations including threats to publish or leak the data, and limited-time price discounts being offered in 45.5% of the negotiations.

Page 1 of 195
Next Page

Create a free Supply & Demand Chain Executive account to continue reading