The people who do ransomware attacks are getting faster and targeting kinds of companies. They are not just stopping computers from working they are making it hard for organizations to do their jobs. This is happening to all kinds of organizations from government agencies to companies that make things and provide technology.
The latest report from ThreatMon about ransomware in April 2026 shows that these attacks are getting bigger and are not about encrypting files. They are about causing problems for organizations by stealing data asking for money and hurting their reputation.
In April 2026 there were than 832 ransomware attacks around the world. The United States had the attacks with almost 39% of all the organizations that were targeted. Great Britain, Germany, France and Italy were also targeted a lot. The people who do these attacks like to go after organizations that’re important to society and that would have big problems if their computers stopped working.
The organizations that were targeted the most were:
These organizations are targeted because the people who do the attacks know that if they can stop them from working they will be more likely to pay the money that is being asked for. Organizations that make things provide healthcare. Offer services to other companies cannot afford to have their computers stop working for a long time.
The report talks about groups that do ransomware attacks, including:
What is interesting is that these groups do not all work the way. Some of them like to steal a lot of data and then make it public to put pressure on the organization. Others like to cause problems for the organization quickly as possible. Some of them are even working together. Sharing tools and infrastructure to make their attacks bigger.
The result is that the people who do ransomware attacks are getting better at what they do and are becoming harder to stop.
There were several big ransomware attacks in the report that show how these attacks are not just about encrypting files.
Government Organizations Are Being Targeted. One attack that is an example is the one that targeted the Philippines Department of Public Works and Highways. This organization is in charge of roads, bridges and other important infrastructure. If their computers are stopped from working it could cause problems for the country.
The report says that the people who did the attack may have gotten access to information about infrastructure projects, contractors and financial documents. This is not a problem for the organization but also for the country as a whole.
Another attack that is an example is the one that targeted SmartSystems. This company provides technology services to companies. If their computers are stopped from working it could cause problems for all the companies they work with.
This is a problem because the people who do ransomware attacks do not need to target each company individually. They can just target the companies that provide services to companies and cause problems for all of them at the same time.
The report also talks about an attack on Lincoln Property LLC, where the people who did the attack stole a lot of data. This is becoming a thing in ransomware attacks. The people who do these attacks are not just encrypting files they are also stealing data to use as leverage.
One of the things that the report shows is that ransomware attacks are not just about stopping computers from working. They are about causing problems for organizations and hurting their ability to do their jobs.
The people who do these attacks are targeting:
This means that organizations need to think about how to protect themselves in a way.
The report says that organizations should do things to protect themselves including:
But the biggest challenge is to be fast. The people who do ransomware attacks are getting faster and faster. Organizations need to be able to respond to attacks before they cause big problems.
The ransomware attacks in 2026 are not slowing down. They are getting bigger and more targeted. The people who do these attacks are not just encrypting files they are targeting the trust and ability of organizations to do their jobs.
For the people who are trying to stop these attacks the challenge is not just to detect them. It is to reduce the time, between when the attack happens and when they can respond to it.
More posts
Share this article
Found it interesting? Don’t hesitate to share it to wow your friends or colleagues
Subscribe to our blog newsletter to follow the latest posts
