Ransomware Is Getting Uglier As Cybercriminals Fake Leaks and Skip Encryption Entirely (nerds.xyz)
(Sunday May 03, 2026 @11:34AM (EditorDavid)
from the ransom-where dept.)
- Reference: 0183107122
- News link: https://it.slashdot.org/story/26/05/02/234244/ransomware-is-getting-uglier-as-cybercriminals-fake-leaks-and-skip-encryption-entirely
- Source link: https://nerds.xyz/2026/04/ransomware-q1-2026/
"[1]Ransomware activity jumped again in Q1 2026," writes Slashdot reader [2]BrianFagioli, "with 2,638 victim posts on leak sites, up 22% year over year," according to a [3]report from cybersecurity company ReliaQuest.
> But the bigger shift is how messy the ecosystem has become. Established groups like Akira and Qilin are still active, while newer players like The Gentlemen surged into the top tier with a 588 percent spike in activity. At the same time, questionable leak sites such as 0APT and ALP-001 are muddying the waters by posting possibly fake breach claims, forcing companies to investigate incidents that may not even be real.
>
> Meanwhile, actors like ShinyHunters are showing that ransomware does not always need encryption anymore. By targeting identity systems and SaaS platforms, attackers can steal data using legitimate access, often through phishing or even phone-based social engineering, and then extort victims without deploying traditional malware. With a record 91 active leak sites and faster attack timelines, the report suggests defenders should focus less on tracking specific groups and more on stopping common tactics like credential theft, remote access abuse, and large-scale data exfiltration.
[1] https://nerds.xyz/2026/04/ransomware-q1-2026/
[2] https://slashdot.org/~BrianFagioli
[3] https://reliaquest.com/blog/threat-spotlight-ransomware-and-cyber-extortion-in-q1-2026/
Both! (Score:2)
by Geoffrey.landis ( 926948 )
> "the report suggests defenders should focus less on tracking specific groups and more on stopping common tactics like credential theft, remote access abuse, and large-scale data exfiltration."
Both!
They're not mutually exclusive.
Ban paying ransoms (Score:2)
by SoftwareArtist ( 1472499 )
Or, as I've been saying for many years, we could outlaw paying ransoms. Do that and the whole ransomware ecosystem would shrivel up. The only reason it exists is that people keep paying ransoms. If we'd done it 15 years ago, the amount of harm that would have been avoided would be vast.
It also is the only solution that has any chance of success. As long as there's money to be made, attackers will keep finding ways to extort people.
Is it time for . . . (Score:2)
. . . letters of marque and reprisal?