Qilin, The Gentleman Lead April Ransomware Surge
DARKFEED’s April 2026 summary reveals a significant spike in ransomware and cyber-attacks, with the United States experiencing the brunt of the activity, tallying 353 incidents. The United Kingdom (34) and Germany (33) followed distantly. This geographic distribution underscores the persistent targeting of economically robust nations, which offer the highest potential for lucrative payouts.
Sector-wise, Business Services (79), HealthCare (78), and Manufacturing (69) bore the heaviest impact. This pattern is consistent with attackers’ focus on critical infrastructure and industries handling sensitive data or operating with tight operational dependencies, where downtime is costly. Legal and Technology sectors also saw substantial activity, indicating a broad targeting strategy.
Qilin emerged as the most prolific group with 111 attacks, followed by The Gentleman (72) and DragonForce (55). The continued activity of Lockbit (31) alongside newer, more aggressive groups like Qilin demonstrates the dynamic and competitive nature of the ransomware ecosystem. Defenders must recognize that established players remain dangerous while new entrants rapidly scale operations, often with novel tactics.
What This Means For You
- If your organization operates in Business Services, HealthCare, or Manufacturing, you are a prime target. Attackers like Qilin and The Gentleman are highly active and effective. Review your incident response plans, test your backups, and ensure robust network segmentation. Focus on hardening defenses against common initial access vectors, as these groups are relentless.
Written by SCW Threat Desk
Related coverage on
High-Risk AI Browser Extensions Steal Data and Exfiltrate Passwords
Palo Alto Unit 42 has uncovered a significant threat in the form of high-risk AI browser extensions. These tools, often masquerading as productivity enhancers, are...
Congress Punts FISA Renewal to June, Raising Surveillance Questions
Congress has once again punted the renewal of Section 702 of the Foreign Intelligence Surveillance Act (FISA), pushing the deadline to June. The latest House...
Hackers Hijack Cargo Worth Millions Through System Compromises
Cyber actors have spent the last two years compromising the systems of freight brokers and carriers, according to the FBI. This allows them to impersonate...