jonas.colmsjo.com
Ransomware Intelligence
Weekly ransomware threat intelligence covering recent attacks, threat actor analysis, and incident tracking.
Ransomware summary week 12, 2026
Week 12 saw Interlock exploit a Cisco FMC zero-day (CVE-2026-20131) for root access on enterprise firewalls, Medusa claim Henry County, Illinois and demand $500,000, and DragonForce list Liverpool Philharmonic and Salford City College in the UK alongside Mercedes-Benz of Arlington. Akira posted Czech manufacturer Motorpal and German industrial firm bdtronic, Payload ransomware hit Royal Bahrain Hospital, threatening 110 GB of patient data, and LeakNet adopted ClickFix social engineering through compromised websites to scale operations.
Mar 21, 2026
Ransomware summary week 11, 2026
Week 11 was defined by the Handala wiper attack on medtech giant Stryker — which wiped 200,000 devices across 79 countries via Microsoft Intune — alongside Qilin claiming a Spanish school, Singaporean oilfield services, and South American manufacturers, while Genesis burst onto the scene listing eight US victims in a single day including healthcare providers and a Michigan municipality, and ShinyHunters demanded $65 million from Telus Digital after claiming nearly 1 petabyte of stolen data.
Mar 14, 2026
Ransomware summary week 10, 2026
Week 10 was dominated by the geopolitical fallout from Operation Epic Fury, with Iranian APT Seedworm backdooring a US bank, airport, and defense supplier, while Handala breached Sharjah National Oil Corporation exfiltrating 1.3 TB, and Qilin claimed Tennessee Valley Electric Cooperative and multiple manufacturing targets across three continents as DragonForce hit a Brazilian university and US healthcare.
Mar 7, 2026
Ransomware summary week 09, 2026
Week 9 saw ShinyHunters extort Wynn Resorts for $1.5M and breach CarGurus exposing 12.4 million accounts, while Qilin claimed Malaysia Airlines and the 67,000-member NYC Transit Workers Union, Handala targeted Israel’s largest healthcare network Clalit, and Chainalysis reported that 2025 ransomware payments cratered to $820M despite a 50% surge in attacks.
Feb 28, 2026
Ransomware summary week 08, 2026
Week 8 saw the University of Mississippi Medical Center shut down all clinics after a devastating ransomware attack, while NightSpire emerged as the most prolific group with 26 new victims in a single day, and LockBit 5.0 continued its cross-platform resurgence targeting organizations from Austrian healthcare to Mauritian hospitality.
Feb 21, 2026
Ransomware summary week 07, 2026
BridgePay payment gateway ransomware attack causes nationwide US payment outages affecting municipalities and utilities, while Qilin ransomware dominates with fresh victims across three continents including Augusta Housing Authority and Tulsa International Airport.
Feb 14, 2026
Ransomware summary week 06, 2026
Week 6 saw Qilin ransomware hit Romania’s Conpet oil pipeline operator and La Sapienza University in Rome, while DragonForce claimed a 97GB breach of German insurer HanseMerkur. CL0P continued targeting Australian organizations via IT service providers, and LockBit led daily ransomware claims in early February.
Feb 7, 2026
Ransomware summary week 05, 2026
Week 5 saw the FBI seize the RAMP cybercrime forum in a landmark takedown, while Qilin ransomware claimed Tulsa International Airport and Philippine Savings Bank among 34 daily victims. Two former US cybersecurity professionals pleaded guilty to ALPHV/BlackCat attacks, and TA584 expanded initial access operations with new Tsundere Bot malware.
Jan 31, 2026
Ransomware summary week 04, 2026
Week 4 saw the Belgian hospital AZ Monica ransomware attack disrupting patient care across Antwerp, while Qilin continued targeting Asian manufacturing with attacks on Singapore’s Neo Group and Thailand’s Charoenchai Transformer. WorldLeaks claimed 1.4TB from Nike, and two US cybersecurity professionals pleaded guilty to ALPHV ransomware attacks.
Jan 27, 2026
Ransomware summary week 03, 2026
Week 3 saw Qilin targeting Vietnam Airlines and Japanese manufacturers while Akira launched aggressive campaigns against US businesses. TridentLocker’s attack on Sedgwick Government Solutions exposed federal contractor vulnerabilities, and Ingram Micro disclosed a July 2025 breach affecting 42,000 employees.
Jan 20, 2026
Ransomware summary week 02, 2026
Week 02 of 2026 saw continued high-volume ransomware activity with Qilin emerging as the dominant threat group. Notable incidents include attacks on Romania’s critical…
Jan 13, 2026
Ransomware summary week 51, 2025
Week 51 of 2025 saw continued escalation in ransomware attacks globally, with Clop ransomware dominating headlines through its exploitation of Oracle E-Business Suite and…
Dec 20, 2025
Ransomware summary week 49, 2025
Week 49 of 2025 continued the alarming trend of escalating ransomware attacks globally, with significant incidents reported across all major regions. The United States…
Dec 8, 2025