AhnLabβs January 2026 report summarizes ransomware activity and the number of affected systems using AhnLab diagnostic names and data collected from Dedicated Leak Sites (DLS). The report highlights notable attacks against critical infrastructure sectors (manufacturing, healthcare, finance), continued activity from existing groups and emergence of new groups, and notes a change in aggregation methodology from December 2025; #Qilin #Clop
Keypoints
- Statistics for January 2026 are based on AhnLab diagnostic names and DLS (Dedicated Leak Sites) data collected via ATIP infrastructure.
- A change in the aggregation method for ransomware-affected companies was implemented in December 2025, so direct comparisons with earlier monthly reports may be misleading.
- ASEC provides four main statistics: Top 10 countries affected, industries affected, Top 10 ransomware group trends (3-year), and ransomware DLS and detection statistics (3-year).
- January 2026 saw notable attacks against critical infrastructure sectors, especially manufacturing, healthcare, and finance.
- Both continued activity from established ransomware groups and the emergence of new ransomware groups were observed during the period.
- AhnLab TIP and the ASEC report offer insights into major group trends (e.g., Qilin, Clop, The Gentlemen) and damage trends by industry and region.
MITRE Techniques
Indicators of Compromise
Read more: https://asec.ahnlab.com/en/92620/