March 2026 Ransomware Trends Report
Purpose and Scope.
This report summarizes the number of ransomware samples, the number of affected systems, DLS-based statistics, and major Korean and global ransomware issues identified during March 2026.
Key statistics.
Ransomware sample counts and affected-system statistics were aggregated by the detection name assigned by AhnLab.
Statistics on targeted businesses were calculated from the information disclosed on each group's Dedicated Leak Site (DLS) at the time of ATIP infrastructure collection.
Beginning in December 2025, the aggregation methodology for statistics on targeted businesses changed, so direct comparisons to monthly figures prior to December 2025 should be made with caution.
Only ransomware DLS and detection trends for the last three years are published on the ASEC blog, while more detailed statistics are available in the AhnLab TIP report.
The report includes the top 10 most affected countries by ransomware group, industry statistics, and three-year trends for the top 10 groups.
Major Issues.
March 2026 was characterized by attacks targeting critical infrastructure, including manufacturing, healthcare, and finance.
The activity of major groups such as Qilin, The Gentlemen, and INC Ransom continued, and the emergence of new ransomware groups was observed.
In addition to traditional data encryption, the attack method was confirmed to combine victim exposure and blackmail through DLS.
Conclusion.
The report warns of the persistence of ransomware threats targeting various industries globally and the proliferation of DLS-based victim disclosure methods.
The report highlights the need to persistently maintain monitoring, detection, and analysis capabilities.
For more detailed statistics and trends by group, please see the attached AhnLab TIP report.