INSPECTING ARCHIVED INTELLIGENCE (OUTDATED VERSION).
IT threat evolution in Q1 2026 non-mobile statistics
| 2026-05-18 12:00 CRITICAL HIGHExecutive Summary AI-generated
The situation in the cybersecurity landscape is critical, with a surge of ransomware attacks and miners targeting various countries and territories. The United States, Netherlands, and Germany have borne the brunt of these attacks, accounting for significant proportions of SSH-based assaults. This trend suggests that nations prioritizing digital security are taking proactive measures to safeguard their citizens' data.
Technical Mitigations AI-generated
• Use up-to-date security software and keep it updated to protect against known vulnerabilities like CVE-2026-20131.
• Implement a robust firewall configuration, such as Cisco Secure FMC management system, to block arbitrary Java code execution with root privileges on the affected device.
• Regularly update operating systems and applications to patch critical vulnerabilities before they can be exploited by attackers.
AI Podcast (EN) detail_available
detail_listen_ai (EN)
Intelligence Metadata
Actors / Malware / CVEs / Campaigns
Operation TriangulationOperation Triangulation
INC RansomINC Ransom
WannaCryWannaCryBlackCatBlackCatQilinQilin
CVE-2026-20131CVE-2026-20131
Target & Sectors
AFRICA
AFRICA
NORDICS
NORDICS
SOUTH_ASIA
SOUTH_ASIA
NORTH_AMERICA
NORTH_AMERICA
LATAM
LATAM
CENTRAL_ASIA
CENTRAL_ASIA
BENELUX
BENELUX
ASEAN
ASEAN
DACH
DACH
MIDDLE_EAST
MIDDLE_EAST
mediamedia
Incident Timeline
at least November 2020
Phobos ransomware administrators used international attacks to target victims from at least November 2020.
Click on any entity below to view its context and source!
tactic
Ransomware
In March, a Phobos ransomware administrator
pleaded guilty
to the creation and distribution of the Trojan, which had been used in international attacks dating back to at least November 2020.
November 2020
Threat actors used a prior direct role in BlackCat ransomware attacks to facilitate dozens of ransomware attacks across the United States.
Click on any entity below to view its context and source!
organisation
the U.S. Department of Justice
In March, the U.S. Department of Justice
charged
a man who had acted as a negotiator for ransomware groups.
Q1 2025
Threat actors used ransomware to target 77,319 unique users in Q1 2025.
Click on any entity below to view its context and source!
tactic
Ransomware
Number of new ransomware modifications, Q1 2025 — Q1 2026 (
download
)
Number of users attacked by ransomware Trojans
Throughout Q1, our solutions protected 77,319 unique users from ransomware.
victims
77,319 unique users
Number of new ransomware modifications, Q1 2025 — Q1 2026 (
download
)
Number of users attacked by ransomware Trojans
Throughout Q1, our solutions protected 77,319 unique users from ransomware.
no later than July 2025
Threat actors used INC Ransom to target 7.25% of the population emerging no later than July 2025.
Click on any entity below to view its context and source!
threat_actor
INC Ransom
Emerging no later than July 2025, the group had already surpassed the activity levels of mainstays such as Akira (7.25%) and INC Ransom (6.13%).
general_metric
7.25 %
Emerging no later than July 2025, the group had already surpassed the activity levels of mainstays such as Akira (7.25%) and INC Ransom (6.13%).
general_metric
6.13 %
Emerging no later than July 2025, the group had already surpassed the activity levels of mainstays such as Akira (7.25%) and INC Ransom (6.13%).
July 2025
Threat actors used Malware web attacks to target 11.55% of users' computers worldwide during Q1, with the United States and Germany accounting for the highest proportions.
Click on any entity below to view its context and source!
organisation
Q4
Country/territory
Q4 2025
Q1 2026
United States
16.10%
23.74%
The Netherlands
15.78%
17.57%
Germany
12.07%
10.34%
Panama
7.72%
6.34%
India
5.32%
6.05%
Romania
4.05%
5.82%
Australia
1.62%
4.61%
Vietnam
4.21%
3.50%
Russian Federation
3.79%
2.35%
Sweden
2.25%
2.09%
China continues to account for the largest proportion of Telnet attacks, though there was a marked increase in activity originating from Pakistan.
organisation
Ransomware
Ransomware activity was highest in March, with 35,056 unique users encountering such attacks during the month.
victims
35,056 unique users
Ransomware activity was highest in March, with 35,056 unique users encountering such attacks during the month.
organisation
Verdict
%
TOP 10 most common families of ransomware Trojans
Name
Verdict
%*
1
(generic verdict)
Trojan-Ransom.
infrastructure
Macos
Geography of threats to macOS
TOP 10 countries and territories by share of attacked users
Country/territory
%* Q4 2025
%* Q1 2026
China
1.28
1.97
France
1.18
1.07
Brazil
1.13
0.98
Mexico
0.72
0.52
Germany
0.71
0.45
The Netherlands
0.62
0.75
Hong Kong
0.49
0.53
India
0.42
0.48
Russian Federation
0.34
0.37
Thailand
0.24
0.27
* Unique users who encountered threats to macOS as a percentage of all unique Kaspersky users in the country/territory.
In March, researchers with
GTIG
and
iVerify
reported the discovery of an in-the-wild exploit chain targeting both iOS and macOS devices.
Devices running macOS were similarly
impacted
by the high-profile supply chain attack targeting the Axios npm package, a widely used HTTP client for JavaScript.
The installation of the infected package led to the deployment of a backdoor on macOS devices.
TOP 20 threats to macOS
Unique users* who encountered this malware as a percentage of all attacked users of Kaspersky security solutions for macOS (
download
)
data_breach
21.09 Mozambique
Country/territory*
%**
1
Turkmenistan
47.96
2
Tajikistan
31.48
3
Cuba
31.03
4
Yemen
29.59
5
Afghanistan
28.47
6
Burundi
26.93
7
Uzbekistan
24.81
8
Syria
23.08
9
Nicaragua
21.97
10
Cameroon
21.60
11
China
21.09
12
Mozambique
21.02
13
Algeria
20.64
14
Democratic Republic of the Congo
20.63
15
Bangladesh
20.44
16
Mali
20.35
17
Republic of the Congo
20.23
18
Madagascar
20.00
19
Belarus
19.78
20
Tanzania
19.52
* Excluded are countries and territories with relatively few (under 10,000)
data_breach
12 Mozambique
Country/territory*
%**
1
Turkmenistan
47.96
2
Tajikistan
31.48
3
Cuba
31.03
4
Yemen
29.59
5
Afghanistan
28.47
6
Burundi
26.93
7
Uzbekistan
24.81
8
Syria
23.08
9
Nicaragua
21.97
10
Cameroon
21.60
11
China
21.09
12
Mozambique
21.02
13
Algeria
20.64
14
Democratic Republic of the Congo
20.63
15
Bangladesh
20.44
16
Mali
20.35
17
Republic of the Congo
20.23
18
Madagascar
20.00
19
Belarus
19.78
20
Tanzania
19.52
* Excluded are countries and territories with relatively few (under 10,000)
data_breach
21.02 Mozambique
Country/territory*
%**
1
Turkmenistan
47.96
2
Tajikistan
31.48
3
Cuba
31.03
4
Yemen
29.59
5
Afghanistan
28.47
6
Burundi
26.93
7
Uzbekistan
24.81
8
Syria
23.08
9
Nicaragua
21.97
10
Cameroon
21.60
11
China
21.09
12
Mozambique
21.02
13
Algeria
20.64
14
Democratic Republic of the Congo
20.63
15
Bangladesh
20.44
16
Mali
20.35
17
Republic of the Congo
20.23
18
Madagascar
20.00
19
Belarus
19.78
20
Tanzania
19.52
* Excluded are countries and territories with relatively few (under 10,000)
infrastructure
Ios
In March, researchers with
GTIG
and
iVerify
reported the discovery of an in-the-wild exploit chain targeting both iOS and macOS devices.
organisation
iVerify
In March, researchers with
GTIG
and
iVerify
reported the discovery of an in-the-wild exploit chain targeting both iOS and macOS devices.
organisation
the On-Access Scan
The statistics are based on detection verdicts from the On-Access Scan (OAS) and On-Demand Scan (ODS) modules of File Anti-Virus and include detections of malicious programs located on user computers or removable media connected to the computers, such as flash drives, camera memory cards, phones, or external hard drives.
organisation
OAS
The statistics are based on detection verdicts from the On-Access Scan (OAS) and On-Demand Scan (ODS) modules of File Anti-Virus and include detections of malicious programs located on user computers or removable media connected to the computers, such as flash drives, camera memory cards, phones, or external hard drives.
organisation
ODS
The statistics are based on detection verdicts from the On-Access Scan (OAS) and On-Demand Scan (ODS) modules of File Anti-Virus and include detections of malicious programs located on user computers or removable media connected to the computers, such as flash drives, camera memory cards, phones, or external hard drives.
organisation
Mirai
The primary shifts in the IoT threat distribution are linked to the activity of various Mirai botnet variants, although members of this family continue to account for the majority of the list.
organisation
NyaDrop
We also observed a significant decline in NyaDrop botnet activity during Q1.
organisation
Operation Triangulation
Our analysis confirmed
that the toolkit included an updated version of a component previously identified in the Operation Triangulation attack chain.
financial
6.38 WannaCry Trojan Ransom
Win32.Crypren
6.38
3
WannaCry
Trojan-Ransom.
financial
3 WannaCry Trojan Ransom
Win32.Crypren
6.38
3
WannaCry
Trojan-Ransom.
organisation
PasivRobber
The share of PasivRobber spyware attacks is beginning to decline, giving way to more traditional adware and Monitor-class software capable of tracking user activity.
organisation
IoT
IoT threat statistics
This section presents statistics on attacks targeting Kaspersky IoT honeypots.
organisation
Kaspersky IoT
IoT threat statistics
This section presents statistics on attacks targeting Kaspersky IoT honeypots.
organisation
IP
The geographic data on attack sources is based on the IP addresses of attacking devices.
organisation
Telnet
The distribution of attacks between Telnet and SSH maintained the ratio observed in Q4 2025.
organisation
Anti-Virus
Web Anti-Virus was triggered by 49,983,611 unique URLs.
January 26, 2026
The Gentlemen, a new threat actor, targeted organizations with network appliances.
at least January 26, 2026
The Interlock group exploited the CVE-2026-20131 zero-day vulnerability in Cisco Secure FMC firewall management software starting at least January 26, 2026.
Click on any entity below to view its context and source!
vulnerability
CVE-2026-20131
Vulnerabilities and attacks
The Interlock group has been heavily
exploiting
the CVE-2026-20131 zero-day vulnerability in Cisco Secure FMC firewall management software since at least January 26, 2026.
tactic
T1588.006 - Vulnerabilities
Vulnerabilities and attacks
The Interlock group has been heavily
exploiting
the CVE-2026-20131 zero-day vulnerability in Cisco Secure FMC firewall management software since at least January 26, 2026.
organisation
The Interlock
Vulnerabilities and attacks
The Interlock group has been heavily
exploiting
the CVE-2026-20131 zero-day vulnerability in Cisco Secure FMC firewall management software since at least January 26, 2026.
Q1 2026
Number of unique users attacked by miners, Q1 2026 (download).
Click on any entity below to view its context and source!
tactic
Ransomware
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of new ransomware modifications, Q1 2025 — Q1 2026 (
download
)
Number of users attacked by ransomware Trojans
Throughout Q1, our solutions protected 77,319 unique users from ransomware.
target_region
Pakistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Korea, Republic of
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
China
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Tajikistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Libya
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Turkmenistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Iraq
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Bangladesh
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Rwanda
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Cameroon
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
10 countries
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
1 Pakistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.79 South Korea
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
2 South Korea
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.64 China
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
3 China
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.52 Tajikistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
4 Tajikistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.40 Libya
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
5 Libya
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.38 Turkmenistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
6 Turkmenistan
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.36 Iraq
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
7 Iraq
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.35 Bangladesh
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
8 Bangladesh
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.33 Rwanda
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
9 Rwanda
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.30 Cameroon
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.28 Cameroon
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
50,000 few
Number of unique users attacked by ransomware Trojans, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by ransomware Trojans
Country/territory*
%**
1
Pakistan
0.79
2
South Korea
0.64
3
China
0.52
4
Tajikistan
0.40
5
Libya
0.38
6
Turkmenistan
0.36
7
Iraq
0.35
8
Bangladesh
0.33
9
Rwanda
0.30
10
Cameroon
0.28
* Excluded are countries and territories with relatively few (under 50,000)
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Senegal
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Mali
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Ethiopia
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Panama
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Afghanistan
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Kazakhstan
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
organisation
miners
Country
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Tanzania, United Republic of
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
target_region
Bolivia, Plurinational State of
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
3.19 Turkmenistan
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
3.06 Mali
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
2.63 Tanzania
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
1.62 Bangladesh
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.95 Panama
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.88 Afghanistan
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
general_metric
0.75 Bolivia
Number of unique users attacked by miners, Q1 2026 (
download
)
Attack geography
TOP 10 countries and territories attacked by miners
Country/territory*
%**
1
Senegal
3.19
2
Turkmenistan
3.06
3
Mali
2.63
4
Tanzania
1.62
5
Bangladesh
1.06
6
Ethiopia
0.95
7
Panama
0.88
8
Afghanistan
0.79
9
Kazakhstan
0.77
10
Bolivia
0.75
* Excluded are countries and territories with relatively few (under 50,000)
victims
77,319 unique users
Number of new ransomware modifications, Q1 2025 — Q1 2026 (
download
)
Number of users attacked by ransomware Trojans
Throughout Q1, our solutions protected 77,319 unique users from ransomware.
victims
260,588 unique Kaspersky users
Number of new miner modifications, Q1 2026 (
download
)
Number of users attacked by miners
In Q1, we detected attacks using miner programs on the computers of 260,588 unique Kaspersky users worldwide.
January 2026
Law enforcement agencies seized the domains of the RAMP cybercrime forum, disrupting a key element of ransomware developers' operations.
Click on any entity below to view its context and source!
attribution
Ransomware
Ransomware
Quarterly trends and highlights
Law enforcement success
In January 2026, it was
reported
that the FBI had seized the domains of the RAMP cybercrime forum, a major platform used extensively by ransomware developers to advertise their RaaS programs and to recruit affiliates.
attribution
FBI
Ransomware
Quarterly trends and highlights
Law enforcement success
In January 2026, it was
reported
that the FBI had seized the domains of the RAMP cybercrime forum, a major platform used extensively by ransomware developers to advertise their RaaS programs and to recruit affiliates.
attribution
RAMP
Ransomware
Quarterly trends and highlights
Law enforcement success
In January 2026, it was
reported
that the FBI had seized the domains of the RAMP cybercrime forum, a major platform used extensively by ransomware developers to advertise their RaaS programs and to recruit affiliates.
Q1 2026
Kaspersky solutions detected 3485 new modifications of miners.
Click on any entity below to view its context and source!
tactic
Ransomware
Number of each group’s victims according to its DLS as a percentage of all groups’ victims published on all the DLSs under review during the reporting period (
download
)
Number of new variants
In Q1 2026, Kaspersky solutions detected six new ransomware families and 2938 new modifications.
infrastructure
Macos
Attacks on macOS
In Q1 2026, Google
uncovered
a new cryptocurrency theft campaign.
organisation
Google
Attacks on macOS
In Q1 2026, Google
uncovered
a new cryptocurrency theft campaign.
organisation
Non-mobile
Non-mobile statistics
IT threat evolution in Q1 2026.
organisation
Miners
Number
Miners
Number of new variants
In Q1 2026, Kaspersky solutions detected 3485 new modifications of miners.
general_metric
3485 new modifications
Miners
Number of new variants
In Q1 2026, Kaspersky solutions detected 3485 new modifications of miners.
organisation
SSH
In Q1 2026, the share of devices attacking Kaspersky honeypots via the SSH protocol saw a significant increase compared to the previous reporting period.
general_metric
343,823,407 attacks
In Q1 2026, Kaspersky solutions blocked 343,823,407 attacks launched from internet resources worldwide.
general_metric
15,831,319 malicious objects
In Q1 2026, our File Anti-Virus detected 15,831,319 malicious and potentially unwanted objects.
2026/05/18
Threat actors used Kaspersky products to target 77,000 users whose data was published on DLS in Q1 2026.
Click on any entity below to view its context and source!
victims
77,000 users
More than 77,000 users experienced ransomware attacks.
organisation
DLS
14% of all ransomware victims whose data was published on threat actors’ data leak sites (DLS) were victims of Clop.
organisation
Kaspersky
Mobile statistics
The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated.
organisation
File Anti-Virus
File Anti-Virus blocked nearly 15 million malicious and potentially unwanted objects.
victims
260,000 users
More than 260,000 users were targeted by miners.
Tactical Metrics
Metrics
infrastructure
Macos
Affected Product
Click for context!
Geography of threats to macOS
TOP 10 countries and territories by share of attacked users
Country/territory
%* Q4 2025
%* Q1 2026
China
1.28
1.97
France
1.18
1.07
Brazil
1.13
0.98
Mexico
0.72
0.52
Germany
0.71
0.45
The Netherlands
0.62
0.75
Hong Kong
0.49
0.53
India
0.42
0.48
Russian Federation
0.34
0.37
Thailand
0.24
0.27
* Unique users who encountered threats to macOS as a percentage of all unique Kaspersky users in the country/territory.
Attacks on macOS
In Q1 2026, Google
uncovered
a new cryptocurrency theft campaign.
In March, researchers with
GTIG
and
iVerify
reported the discovery of an in-the-wild exploit chain targeting both iOS and macOS devices.
Devices running macOS were similarly
impacted
by the high-profile supply chain attack targeting the Axios npm package, a widely used HTTP client for JavaScript.
The installation of the infected package led to the deployment of a backdoor on macOS devices.
TOP 20 threats to macOS
Unique users* who encountered this malware as a percentage of all attacked users of Kaspersky security solutions for macOS (
download
)
Metrics
data_breach
21
Mozambique
Country/territory*
%**
1
Turkmenistan
47.96
2
Tajikistan
31.48
3
Cuba
31.03
4
Yemen
29.59
5
Afghanistan
28.47
6
Burundi
26.93
7
Uzbekistan
24.81
8
Syria
23.08
9
Nicaragua
21.97
10
Cameroon
21.60
11
China
21.09
12
Mozambique
21.02
13
Algeria
20.64
14
Democratic Republic of the Congo
20.63
15
Bangladesh
20.44
16
Mali
20.35
17
Republic of the Congo
20.23
18
Madagascar
20.00
19
Belarus
19.78
20
Tanzania
19.52
* Excluded are countries and territories with relatively few (under 10,000)
Metrics
data_breach
12
Mozambique
Country/territory*
%**
1
Turkmenistan
47.96
2
Tajikistan
31.48
3
Cuba
31.03
4
Yemen
29.59
5
Afghanistan
28.47
6
Burundi
26.93
7
Uzbekistan
24.81
8
Syria
23.08
9
Nicaragua
21.97
10
Cameroon
21.60
11
China
21.09
12
Mozambique
21.02
13
Algeria
20.64
14
Democratic Republic of the Congo
20.63
15
Bangladesh
20.44
16
Mali
20.35
17
Republic of the Congo
20.23
18
Madagascar
20.00
19
Belarus
19.78
20
Tanzania
19.52
* Excluded are countries and territories with relatively few (under 10,000)
Metrics
data_breach
21
Mozambique
Country/territory*
%**
1
Turkmenistan
47.96
2
Tajikistan
31.48
3
Cuba
31.03
4
Yemen
29.59
5
Afghanistan
28.47
6
Burundi
26.93
7
Uzbekistan
24.81
8
Syria
23.08
9
Nicaragua
21.97
10
Cameroon
21.60
11
China
21.09
12
Mozambique
21.02
13
Algeria
20.64
14
Democratic Republic of the Congo
20.63
15
Bangladesh
20.44
16
Mali
20.35
17
Republic of the Congo
20.23
18
Madagascar
20.00
19
Belarus
19.78
20
Tanzania
19.52
* Excluded are countries and territories with relatively few (under 10,000)
Metrics
victims
77,000
Users
More than 77,000 users experienced ransomware attacks.
Metrics
victims
77,319
Unique Users
Number of new ransomware modifications, Q1 2025 — Q1 2026 (
download
)
Number of users attacked by ransomware Trojans
Throughout Q1, our solutions protected 77,319 unique users from ransomware.
Metrics
victims
35,056
Unique Users
Ransomware activity was highest in March, with 35,056 unique users encountering such attacks during the month.
Metrics
infrastructure
Ios
Affected Product
In March, researchers with
GTIG
and
iVerify
reported the discovery of an in-the-wild exploit chain targeting both iOS and macOS devices.
Metrics
financial
6
Wannacry Trojan Ransom
Win32.Crypren
6.38
3
WannaCry
Trojan-Ransom.
Metrics
financial
3
Wannacry Trojan Ransom
Win32.Crypren
6.38
3
WannaCry
Trojan-Ransom.
Metrics
victims
260,588
Unique Kaspersky Users
Number of new miner modifications, Q1 2026 (
download
)
Number of users attacked by miners
In Q1, we detected attacks using miner programs on the computers of 260,588 unique Kaspersky users worldwide.
Metrics
victims
260,000
Users
More than 260,000 users were targeted by miners.
Intelligence Sources
Kaspersky
2026-05-18
Kaspersky
2026-05-18
Unpublish from Social Media?
Are you sure you want to delete this podcast video from all synchronized social networks (YouTube, Facebook, Threads)?
Important:
Due to Meta API restrictions, Instagram Reels cannot be deleted automatically via API by third-party apps.
View Profile to Delete Manually
View Profile to Delete Manually
Tactical Intelligence
Report Intelligence Issue
Podcast Options
Generate
Reset / Delete
Incident Version History
CURRENT VERSION
Last Updated: 2026-06-29T06:34
Comprehensive Tactical Telemetry
Highly Correlated Entities
61x
target region
Target Country
Poland
country
45x
general metric
%
16
%
26x
organisation
Identified Entity
miners
Country
entity
14x
timeline
Temporal Reference
Q1 2026
date
4x
tactic
Cyber Operation Type
Ransomware
tactic
4x
general metric
Bangladesh
0
bangladesh
4x
general metric
Brazil
1
brazil
4x
tactic
MITRE ATT&CK Technique
T1588.006 - Vulnerabilities
technique
3x
general metric
Tajikistan
1
tajikistan
3x
general metric
Turkmenistan
0
turkmenistan
3x
general metric
Cameroon
0
cameroon
3x
general metric
Afghanistan
1
afghanistan
3x
general metric
Germany
1
germany
3x
data breach
Mozambique
21
mozambique
3x
attribution
Attributing Entity
Ransomware
authority
3x
malware
Malware Payload
Qilin
tool
2x
general metric
South Korea
1
south korea
2x
general metric
China
1
china
2x
general metric
Libya
0
libya
2x
general metric
Iraq
0
iraq
2x
general metric
Rwanda
0
rwanda
2x
general metric
Mali
3
mali
2x
general metric
Tanzania
3
tanzania
2x
infrastructure
Affected Product
Macos
software
2x
general metric
France
1
france
2x
general metric
Mexico
1
mexico
2x
general metric
Netherlands
1
netherlands
2x
general metric
India
1
india
2x
general metric
Russian Federation
0
russian federation
2x
general metric
Thailand
0
thailand
2x
general metric
Serbia
7
serbia
2x
general metric
Tunisia
6
tunisia
2x
general metric
Qatar
6
qatar
2x
general metric
Spain
6
spain
2x
victims
Users
77,000
users
2x
victims
Unique Users
77,319
unique users
2x
general metric
Malicious Objects
15,000,000
malicious objects
2x
financial
Wannacry Trojan Ransom
6
wannacry trojan ransom
2x
general metric
Attacks
343,823,407
attacks
2x
general metric
Generic Verdict
3
generic verdict
Contextual Telemetry
Context Block
33 METRICS
general metric
Countries
10
countries
general metric
Pakistan
1
pakistan
general metric
Few
50,000
few
general metric
Panama
1
panama
general metric
Bolivia
1
bolivia
source region
Origin Country
Pakistan
country
general metric
Q1
2,026
q1
general metric
Hungary
9
hungary
general metric
Greece
7
greece
general metric
Portugal
7
portugal
general metric
Belgium
7
belgium
general metric
Slovakia
7
slovakia
general metric
Vietnam
11
vietnam
general metric
Bosnia
12
bosnia
general metric
Canada
13
canada
general metric
Sri Lanka
19
sri lanka
general metric
Cuba
31
cuba
general metric
Yemen
31
yemen
general metric
Uzbekistan
27
uzbekistan
general metric
Syria
25
syria
general metric
Nicaragua
23
nicaragua
general metric
Nicaragua Cameroon China
22
nicaragua cameroon china
general metric
Republic
20
republic
general metric
Belarus
20
belarus
industry
Targeted Sector
Media
sector
general metric
Win32.Crypmod
2
win32.crypmod
vulnerability
Exploited CVE
CVE-2026-20131
cve
campaign
Campaign
Operation Triangulation
operation
threat actor
APT Group
INC Ransom
actor
general metric
New Modifications
3,485
new modifications
victims
Unique Kaspersky Users
260,588
unique kaspersky users
general metric
Unique Urls
49,983,611
unique urls
general metric
Win32.Agent
4
win32.agent
Click on any entity below to view its context in the main text!
Selective Unpublish
Selecciona las redes de las que quieres eliminar esta publicación. El sistema intentará borrar el post real de la API y limpiará la base de datos para que puedas volver a lanzarlo.
By navigating this website, you accept the use of strictly necessary technical cookies for session security and basic platform functionality. We do not use tracking or advertising cookies.
Read our Privacy Policy.