Description

March reflected a further escalation in ransomware activity, with incident volumes rising and multiple threat actors expanding operations simultaneously. Qilin emerged as the dominant group with a sharp increase in activity, while several others, including Akira, Incransom, Nightspire, Dragonforce, and LockBit5, showed significant growth, indicating a highly competitive and rapidly scaling ecosystem. At the same time, a few groups declined, reinforcing the fluid and continuously shifting nature of ransomware operations. The threat model continues to evolve toward access-driven intrusions, with attackers leveraging credential compromise, exploitation of internet-facing vulnerabilities, and brokered access. Increased use of legitimate administrative tools, stealth-focused techniques, and rapid deployment through cloud and virtual infrastructure highlights a strong shift toward efficiency and evasion.

Geographically, the United States remained the most impacted region by a wide margin, followed by the United Kingdom, Canada, and major European economies, with continued expansion across Asia-Pacific and emerging markets. Industry targeting remained concentrated on sectors with high operational reliance and sensitive data exposure, particularly professional services, manufacturing, healthcare, and information technology.

Link to the Research Report: https://www.cyfirma.com/research/tracking-ransomware-march-2026/ 

#CyberSecurity #Ransomware #ThreatIntel #ETLM #CYFIRMA #ThreatLandscape #CyberRisk #DataExtortion #ExternalThreatLandscapeManagement

https://www.cyfirma.com/