Ransomware Activity Surges: CoinBase Cartel Dominates Latest Attacks

DARKFEED reports a significant spike in ransomware and breach activity over the last 24 hours, with seven distinct incidents identified. The United States remains a prime target, experiencing two attacks, while Italy, France, Croatia, and Canada each saw one incident. This geographic spread underscores the indiscriminate nature of modern ransomware operations.

The Business Services sector bore the brunt of these attacks, accounting for three incidents. Technology, Transportation, Engineering, and Retail sectors each reported one attack. The most prolific threat actor in this snapshot is CoinBase Cartel, responsible for five out of the seven reported incidents. Qilin and Black Nevas each claimed one attack. This concentration of activity by CoinBase Cartel indicates a targeted, high-volume campaign from this group.

This data confirms that ransomware groups are not slowing down. They are continuously refining their targeting, focusing on sectors rich with valuable data or critical infrastructure. The prevalence of CoinBase Cartel in this brief window suggests they are currently highly active and effective, making them a priority for defenders.

What This Means For You

  • If your organization operates in Business Services, Technology, or Transportation, you are currently at elevated risk. Assess your perimeter defenses against known CoinBase Cartel TTPs. Review your incident response plans and ensure your backups are isolated and tested. Proactive threat hunting for indicators associated with CoinBase Cartel, Qilin, and Black Nevas is critical right now.