Skip to content

Ransomware Attacks Surged 48 Percent in May 2026

The Point: Ransomware incidents reached a yearly peak in May 2026 with 698 registered cases, as attackers shift from classical attack methods to more profitable extortion campaigns.

Check Point Research recorded a record increase in publicly known ransomware incidents in May 2026 of 48 percent compared to the previous year. Although the overall number of cyberattacks declined by seven percent, the figures indicate that attackers are deliberately targeting more lucrative methods.

The latest Cyber Threat Report from Check Point Research documents an average of 2,055 cyberattacks per week and enterprise globally in May 2026. While this represents a decline of seven percent compared to April, it remains above the previous year’s level. Security researchers do not view this development as a relaxation, but rather as a strategic shift: attackers are increasingly concentrating on highly profitable ransomware campaigns instead of volume-based attacks.

Particularly noteworthy is the geographic distribution: In Germany, the attack landscape remained stable at an average of 1,318 incidents per week. Austria also reported only minor changes, while Switzerland reported a seven percent increase. Industry hotspots in Germany are energy supply, education, construction, software development, and telecommunications. Internationally, educational institutions were the preferred targets with an average of 4,641 attacks per week, followed by government agencies, telecom companies, and increasingly agricultural, tourism, and construction sector businesses.

Regarding ransomware attacks themselves, a dramatic increase is evident: In May 2026, 698 publicly known ransomware incidents were registered – a gain of 48 percent compared to May 2025. This increase is manifesting in nearly all regions worldwide. Business service providers were particularly hard hit and recorded a multiplication of cases year-over-year. Consumer goods manufacturers and industrial companies also reported significant increases. Over 60 active extortion groups were active in May, with some major players dominating the landscape.

The data reveals a further risk in the use of generative AI: 91 percent of enterprises regularly using GenAI tools were affected by information disclosure risks. On average, organizations use nine different AI tools without corresponding security and governance structures in place. One in every 25 AI prompts posed a high risk for sensitive data disclosure, indicating a lack of controls in the rollout of generative AI solutions.


Source: www.it-daily.net · Published June 16, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.

Share on: