January 2026 Threat Trend Report on Ransomware
This report provides the number of affected systems confirmed during January 2026, DLS-based ransomware-related statistics, and notable ransomware issues in Korea and abroad. Below is a summary of some information.
The statistics on the number of ransomware samples and affected systems were based on the diagnostic names assigned by AhnLab, and the statistics on ransomware-affected companies were derived from information publicly disclosed on the DLS (Dedicated Leak Sites, also referred to as ransomware PR sites or PR pages) of ransomware groups, collected based on the timing from the ATIP infrastructure.
As of December 2025, the method of aggregating statistics for ransomware-affected companies has changed. Accordingly, caution is required when directly comparing monthly statistics from reports prior to December 2025.
[Summary of Statistics]
The following are the four statistics provided by AhnLab SEcurity intelligence Center (ASEC). The ASEC blog only provides the trend statistics of “Ransomware DLS and Detections Statistics (Past 3 Years)”, and the other statistics can be found in the reports attached to AhnLab TIP.
- Top 10 Countries Affected by Ransomware Group (January 2026)
- Industries Affected by Ransomware Group (January 2026)
- Top 10 Ransomware Group Trends in the Last 3 Years
- Ransomware DLS and Detection Statistics (Last 3 years)
[Summary of Key Issues]
In January 2026, ransomware groups launched attacks against various industries worldwide. Attacks targeting critical infrastructure such as manufacturing, healthcare, and finance were particularly notable. The activities of existing groups also continued to be active with the emergence of new ransomware groups.
The AhnLab TIP report provides insights into the trends of major ransomware groups and the ransomware damage trends by industry/ and region..
- Trends of Major Ransomware Groups (Qilin,Clop, The Gentlemen, etc.)
- Damage Trends by Industry
- Damage Trends by Region
- New Threat Trends
