Just three ransomware groups were responsible for almost half of all ransomware attacks during the last month, analysis of reported incidents has revealed.<\/p>\n
According to cybersecurity analysts at Check Point, a total of 672 ransomware<\/a> incidents were reported during March 2026, representing an increase in attacks compared with the previous month.<\/p>\n The figures, released on April 9, detailed how three ransomware operations dominated the attack landscape, as they accounted for 40% of incidents.<\/p>\n Qilin ransomware group<\/a> alone was responsible for 20% of ransomware attacks. The ransomware-as-a-service (RaaS) operation has been active since 2022 and remains a prominent cyber threat.<\/p>\n Since early 2025, Qilin has significantly expanded affiliate recruitment and victim disclosures, which last year included a disruptive ransomware attack on global brewing giant Asahi<\/a>.<\/p>\n During the same period, Akira ransomware<\/a> accounted for 12% of all ransomware attacks. Akira has remained a threat since it first appeared in 2023 and the ransomware group has extorted hundreds of millions of dollars in ransom payments<\/a>.<\/p>\n The group targets Windows, Linux, and ESXi systems and has shown an increased preference for targeting organizations in the business services and industrial manufacturing sectors.<\/p>\n Akira has continued to evolve its capabilities, researchers recently disclosed how the ransomware is now capable of completing all stages of an attack<\/a> in under one hour from the initial compromise.<\/p>\n Dragonforce<\/a> RaaS was responsible for 8% of ransomware attacks during March. According to Check Point, Dragonforce’s activity accelerated, something which researchers attributed to absorption of displaced RansomHub<\/a> affiliates and a spike in social engineering<\/a> campaigns.<\/p>\n While the top three malicious actors accounted for 40% of incidents, a total of 47 different ransomware groups publicly impacted organizations worldwide during the period. Organizations in the United States accounted for just over half (52%) of victims.<\/p>\n “Attackers continue refining precision, timing, and targeting, exploiting seasonal cycles, emerging technologies, and operational blind spots,” said Check Point research.<\/p>\nHalf of Ransomware Attacks Target the US<\/strong><\/h2>\n