![]()
GuidePoint Security, the cybersecurity advisor and services partner organizations rely on to protect what matters most, today released the GuidePoint Research and Intelligence Team’s (GRIT) Q2 2026 Ransomware and Cyber Threat Insights Report.
The report found that ransomware activity continued to climb in the second quarter of 2026 as threat actors increasingly use artificial intelligence as a productivity enabler. Threat actors claimed 2,279 reported ransomware victims in Q2 2026, a 7% quarter-over-quarter increase and a 43% year-over-year increase. GRIT also observed a record-high 91 active ransomware groups across 108 countries, reflecting a threat landscape that is growing in volume, reach and operational efficiency.
“AI is giving threat actors a faster path from stolen data to negotiation leverage,” said Grayson North, Principal Threat Intelligence Consultant at GuidePoint Security. “They can tailor their pressure on victims and professionalize negotiations without needing a major leap in capability. That changes how organizations need to prepare for extortion.”
Key findings from the report include:
- Ransomware victim volume continues to increase. Q2 2026 recorded 2,279 reported ransomware victims, up 7% from Q1 2026 and 43% from Q2 2025. Weekly victim postings never fell below 150 during the quarter.
- Active threat groups reached a record high. GRIT observed 91 active ransomware groups in Q2 2026, the highest number across all observed periods, with operations spanning 108 countries.
- Top threat actors continue to dominate activity. The five most prolific groups collectively claimed more than 40% of all recorded attacks. Qilin remained the most active group, while The Gentlemen continued its rapid ascent into the second spot, and DragonForce became the third most active group for the first time.
- AI is emerging as a threat actor productivity tool. Rather than enabling a wave of catastrophic AI-native attacks, GRIT observed threat actors using large language models to analyze exfiltrated data, personalize ransom negotiations and manufacture psychological pressure.
- Manufacturing remains the most impacted industry. Manufacturing accounted for nearly 15% of reported ransomware victims in Q2 2026. Manufacturing has maintained the top spot in GRIT’s analysis for several years.
“Defensive progress is forcing attackers to adapt,” North added. “Organizations have improved backup and recovery programs, but attackers are finding leverage that a system restore cannot erase. A strong restore strategy still matters, but it has to be paired with a clear understanding of what data could be exposed, how it could be weaponized and how to limit that leverage before an incident.”
The report also examines how data extortion is gaining ground over encryption, the escalation of supply chain and SaaS integration attacks, and the emergence of cloud-focused groups like FulcrumSec.
The GRIT Q2 2026 Ransomware & Cyber Threat Insights Report is based on data obtained from publicly available resources, vendor threat research, internal incident response case data and open-source intelligence collected from illicit forums and marketplaces.
For more information:
- Download the GRIT Q2 2026 Ransomware and Cyber Threat Insights Report
- Register for GRIT’s upcoming webinar
- Read our blog
- Explore more GRIT reports and other resources
About GuidePoint Security
GuidePoint Security helps organizations overcome the most complex cybersecurity challenges, mature their security posture, minimize risk and ensure compliance. As a trusted cybersecurity advisor and partner, GuidePoint keeps people, data, and operations safe. We deliver tailored cybersecurity services and offerings that adapt and scale to safeguard the nation’s leading organizations today, while preparing them to confidently face tomorrow’s cyber challenges. More than 5,900 organizations of all sizes and across every industry, as well as over half of U.S. cabinet-level agencies, rely on GuidePoint to strengthen their defenses and reduce risk. Stronger Together. Protecting What’s Next. Learn more at guidepointsecurity.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260709079338/en/
Media gallery
