Purpose and Scope

this report summarizes ransomware-related statistics based on Dedicated Leak Sites (DLS) (ransomware PR sites or PR pages) and Quantity of ransomware damaged systems identified during the month of April 2026. it also provides major ransomware issues in Korea and abroad and Damage Trends by Industry/Region.

Key Statistics

ransomware Sample Quantity and Damage System Quantity statistics are aggregated by detection name assigned by AhnLab. statistics on targeted businesses were collected from ATIP’s infrastructure based on the information disclosed in the ransomware group’s DLS at the time of collection. since the aggregation method of statistics on targeted businesses has changed from December 2025, direct comparisons with statistics for months prior to December 2025 should be taken with caution. Only the trend of ‘Statistics on Ransomware DLS and Detection (Last 3 Years)’ is disclosed in the ASEC blog, and the rest of the statistics can be found in the report attached to the AhnLab TIP.

Major Issues

in April 2026, ransomware groups launched attacks against various industries around the world. in particular, attacks targeting critical infrastructure facilities such as Manufacturing, Healthcare, and Finance stood out. new groups emerged, while existing groups remained active. The AhnLab TIP Report on Ransomware includes Trends of Major Ransomware Groups such as Qilin, The DragonFoece, and INC Ransom, Damage Trends by Industry, Damage Trends by Region, and New Threat Trends.

Conclusion

this report shows the ransomware damage and detection status in April 2026, along with the expansion of attacks targeting key industries and the emergence of new threats. detailed figures can be found in the report in the Attachment.