Ransomware Is Getting Uglier As Cybercriminals Fake Leaks and Skip Encryption Entirely
Source: Slashdot
Ransomware Activity Surge in Q1 2026
“Ransomware activity jumped again in Q1 2026, with 2,638 victim posts on leak sites, up 22% year over year,” writes Slashdot reader BrianFagioli, citing a report from cybersecurity company ReliaQuest.
Shifts in the Ransomware Ecosystem
Established groups such as Akira and Qilin remain active, while newer players like The Gentlemen have surged into the top tier, showing a 588% spike in activity.
Emergence of Fake Leak Sites
Questionable leak sites—including 0APT and ALP‑001—are muddying the waters by posting possibly fake breach claims. This forces organizations to investigate incidents that may not even be real.
Ransomware Without Encryption
Actors like ShinyHunters demonstrate that ransomware no longer always relies on encryption. By targeting identity systems and SaaS platforms, attackers can:
- Steal data using legitimate access obtained via phishing or phone‑based social engineering.
- Extort victims without deploying traditional malware.
Recommendations for Defenders
With a record 91 active leak sites and faster attack timelines, the report suggests defenders should:
- Focus less on tracking specific groups.
- Prioritize mitigation of common tactics such as credential theft, remote‑access abuse, and large‑scale data exfiltration.