Ransomware Threat Landscape Escalates
Key Questions
How much did ransomware attacks increase in the first half of 2026?
Ransomware attacks rose 20% year-over-year, reaching 5,275 incidents according to NordStellar data. This surge was partly driven by competition between groups like Qilin and The Gentlemen.
What is now the leading entry vector for ransomware attacks?
Identity compromise has overtaken software vulnerabilities as the top initial access method, per Sophos research. SMEs are particularly disadvantaged in defending against these attacks.
What new ransomware groups or techniques are emerging?
New groups like Spirals are using Rust-based malware for fast encryption, compromising networks in under 24 hours. Qilin and The Gentlemen competition contributed to 583 attacks in Q2 alone.
What sanctions have been issued against ransomware actors?
The EU sanctioned Trickbot leader 'Stern' (Vitaly Kovalev) for orchestrating over $300M in ransoms. The US sanctioned a VPN provider for enabling ransomware operations.
How did third-party risks manifest in recent incidents?
Deutsche Bank suffered a breach via the Unsafe ransomware group targeting a third party, exposing employee data. This highlights ongoing supply chain vulnerabilities in the threat landscape.
Ransomware attacks rose 20% in H1 2026 with 5,275 attacks (NordStellar). Identity compromise overtakes vulnerabilities as top entry vector (Sophos). New groups like Spirals use Rust and fast encryption. Qilin and The Gentlemen competition drives 583 Q2 attacks. EU sanctions Trickbot leader 'Stern' for $300M+ ransoms. US sanctions VPN provider enabling ransomware. Deutsche Bank third-party breach via Unsafe ransomware.