Archive for July 2, 2026

Ransomware Roundup: H1 2026 stats on attacks, ransoms, and active gangs 

Posted in Commentary with tags on July 2, 2026 by itnerd

According to a newly published Comparitech report, global ransomware attacks reached a new high in H1 of 2026 with an average of 23 attacks per day. During the first six months of 2026, researchers logged 4,217 ransomware attacks. This is an 11 percent increase on the second half of 2025 (3,809).

Additional key findings include: 

  • 484 confirmed ransomware attacks
    • 319 were on businesses
    • 83 were on government entities
    • 49 were on healthcare companies
    • 33 were on educational institutions
  • 3,733 unconfirmed attacks*
    • 3,356 were on businesses
    • 102 were on government entities
    • 198 were on healthcare companies
    • 71 were on educational institutions
  • 5,019,204 records compromised in the confirmed attacks
  • Median ransom demand: $150,000 (average: $1.36M)
  • Qilin was the most prolific ransomware group with 641 victims in total, followed by The Gentlemen (464) and Akira (317)
  • Qilin (54) and The Gentlemen (51) had the most confirmed attacks
  • The United States was the most targeted country with 1,832 attacks in total, followed by Canada (200), Germany (164), the United Kingdom (157), Italy (131), France (117), and Spain (100)
  • China saw one of the biggest upticks in attacks from H2 2025 to H1 2026 (up 540% from 5 to 30)

Commenting on these findings is Rebecca Moody, Head of Data Research at Comparitech: 

“One thing that stands out in this report is how the growth of one ransomware group can start to change the threat landscape. The Gentlemen overtook Qilin in the number of attack claims last month, and, as the group operates a more “international” approach to its targets, attack figures dropped in the US (when compared to H2 of 2025), despite figures increasing in most other countries. 

Around half of Qilin’s targets tend to be US-based, but less than 1 in 5 of The Gentlemen’s victims in June 2026 were based in the US. Perhaps seeing how saturated ransomware attacks are in the US, The Gentlemen has decided to focus more of its efforts further afield — and with relative success. 51 of its 2026 victims have confirmed their attacks to date, with notable names including Mackay Sugar in Australia, the Grand Hotel Taipei in Taiwan, and NATO contractor Indra (Spanish HQ but subsidiary affected).”

For full details, you can read the study here: https://www.comparitech.com/news/ransomware-roundup-h1-2026-stats-on-attacks-ransoms-and-active-gangs/

When an AI SOC Misses a Threat, What Happens?

Posted in Commentary with tags on July 2, 2026 by itnerd

With organizations adopting AI-powered SOCs, much of the attention focuses on reducing false positives. False negatives, where AI falsely clears an attack or its early phases, are far less discussed but far more problematic.

Yasir Zahid, Cybersecurity Leader and Product Builder with Dubai-based Secure.com, has just published “When an AI SOC Gets It Wrong: False Negatives, Risk, and What Comes Next.”

Yasir’s detailed analysis recognizes that AI SOCs miss real threats more often than SOC teams and their organizations expect, and lays out the costs of false negatives to the average organization.

  • AI detection tools lose roughly 45 to 50 percent of their tested accuracy when deployed in real environments because of differences in data, infrastructure and dynamic, evolving threats.
  • Up to 40 percent of alerts in a standard SOC go completely uninvestigated – and that slow detection is a strong potential driver for escalating estimates of the cost of a data breach.
  • An effective SOC is a well-governed one that logs what it missed, flags gaps, routes uncertain signals to human review, and escalates ambiguous as well as high-risk cases to supervising humans.

You can read more here: What Happens When an AI SOC Misses a Threat