News from the Wire

NCC data reveals global ransomware attacks decreased 8% in February

Wednesday, March 25, 2026 — 19:47:28 (UTC)

NCC Group Research Finds Global Ransomware Attacks Decreased 8% in February Manchester, UK, March 25, 2026—Following record-breaking heights in February 2025 (1,099 attacks), there were 635 ransomware incidents in February 2026, according to a new report from NCC Group. The significant drop year-on-year reflects the ‘batch-listing’ from the Cl0p ransomware group in February 2025 which caused a spike in reported incidents.

This fall year-on-year should not be mistaken for a reduced threat level or an opportunity for cyber security complacency. The technology landscape continues to evolve rapidly, with hybrid warfare gaining prominence, and the growing adoption of AI systems expanding the attack surface.

February 2026 key statistics:

Global ransomware attacks decreased 8% month-on-month The Industrials sector accounted for 31% of ransomware attacks in February 2026, remaining the most targeted sector Qilin was again the most active threat group, responsible for 15% of all attacks More than half (52%) of attacks targeted North America, followed by 21% in Europe

Security risks in AI-enabled platforms While AI-driven workflows are becoming easier to integrate and automate routine tasks, they are also introducing new security risks and amplifying existing ones. Recently identified vulnerabilities in low-code and no-code orchestration frameworks have exposed sensitive data and increased the risk of exploitation through remote code execution, command injection and other attack techniques.

Global conflict spurs cyber warfare Late February saw an escalation in tensions involving the US, Israel and Iran, underscoring the increasing integration of offensive cyber capabilities into modern conflict. Israel’s advanced cyber capabilities and history of attacks heighten the risk landscape, particularly for organizations with a presence in Israel. Cyber activity linked to the Israel–Iran tensions has included DDoS attacks, website defacements, exaggerated breach claims, and widespread AI-driven misinformation. While high in volume, most of this activity has been relatively low in direct operational impact rather than materially disruptive.

New ransomware variants and threat groups Despite the overall decline in attack volume, threat actors and techniques continue to evolve. A new ransomware variant, Reynolds, was identified in February, featuring a built-in Bring Your-Own-Vulnerable-Driver (BYOVD) component. Although Reynolds is still in its early stages and limited information is available, its delivery method is unusual and warrants caution. It shows how attackers are continuously refining techniques to bypass defensive controls and simplify execution.

Matt Hull, VP of Cyber Intelligence and Response said: “The past month has seen significant geopolitical turbulence. Given the complexity of global supply chains, even regionally focused cyber activity can have wider implications. Organizations worldwide must remain vigilant, as interconnected systems increase the risk of disruption and exposure to information warfare. “At the same time, rapid AI adoption across sectors is creating new security challenges. While ransomware volumes have decreased compared to both January and February last year, AI-enabled threats and an increasingly volatile landscape mean organizations must ensure their cyber resilience strategies can adapt to evolving risks.”

Notice to readers: These are archived articles. Contact information, links and other details may be out of date. We regret any inconvenience.

Source: Company press release.

Categories: Reports and research