Purpose and Scope this report summarizes ransomware-related statistics based on Dedicated Leak Sites (DLS) (ransomware PR sites or PR pages) and Quantity of ransomware damaged systems identified during the month of April 2026. it also provides major ransomware issues in Korea and abroad and Damage Trends by Industry/Region. Key Statistics ransomware Sample Quantity and Damage […]

Statistics on Attachment Threat Types in April 2026, the most common threat in phishing email attachments was Trojan (47%). this type was distributed by disguising itself with a double extension or a legitimate file name to trick the user into executing it and installing malware on the system. they continued to spread through multiple variants […]

Statistics on Attachment Threats Types. trojans accounted for the largest share of attachment-based threats in March 2026 at 21%. phishing (FakePage) came in at 15%, with a significant month-over-month decrease in share from 42% to 15%, but a slight decrease in volume. downloaders were identified at 9% and droppers at 7%. trojans continue to circulate […]

Overview ahnLab monitored APT attacks against domestic targets during the month of March 2026. most of the attacks were launched through Spear Phishing emails sent after reconnaissance of specific targets. APT Attack Trends in Korea the majority of distribution vectors were shortcut (.lnk) files, with LNK-based attacks dominating. Type A is to run PowerShell with […]

Purpose and Scope. this report analyzes the strategies, techniques, and impacts of APT groups believed to be state-sponsored. it excludes financial crimes groups from its scope and organizes major threat behaviors by ATIP’s representative names. the activities of 13 APT groups were aggregated based on publicly available data for the most recent month. Leading APT […]

Content. a number of malware samples including phishing, web shell, droppers, backdoor malware, downloaders, Infostealer, and CoinMiner targeting the financial sector have been distributed. we observed a number of cases where Korean disguised attachment names and HTML/JS execution methods were utilized to propagate phishing. account compromise campaigns through the Telegram API were confirmed, with approximately […]

Purpose and Scope. this report summarizes the number of ransomware samples, number of affected systems, DLS-based statistics, and major Korean & Global ransomware issues identified during the month of March 2026. Key statistics. ransomware sample counts and victimized systems statistics were aggregated by detection name assigned by AhnLab. statistics on targeted businesses were calculated based […]