Find notable cyber news and cases, enriched with sources, timelines, and signals.

Qilin, Akira and Sinobi late-2025 ransomware wave

Campaign
First reported
Last updated
Happening score
H score 39
1 unique sources, 1 articles

Summary

Hide ▲

A late-2025 ransomware wave led by Qilin, Akira and Sinobi increased pressure on organizations as operators prioritized fast access and execution to evade detection. Qilin was linked to over 450 victims, Akira to over 200 victims, and Sinobi saw listings rise by over 300%. The activity matters because it shows ransomware crews can keep scaling output even when the number of active groups falls.

Related Happenings

Qilin consolidates into dominant RaaS position as ransomware market reconcentrates

Threat Actor Meta
H score39 First: 03.07.2026 16:00 Last: 03.07.2026 16:00 Sources 1

About this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...

Akira group rapid double-extortion ransomware activity

Malware Activity
H score45 First: 02.04.2026 16:00 Last: 02.04.2026 16:00 Sources 1

About this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...

The Gentlemen RaaS split exposed by hastalamuerte

Threat Actor Meta
H score25 First: 19.03.2026 18:00 Last: 19.03.2026 18:00 Sources 1

About this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...

Iran MOIS embeds cybercriminal services into offensive operations

Threat Actor Meta
H score20 First: 12.03.2026 23:11 Last: 12.03.2026 23:11 Sources 1

About this happening: **Iran's MOIS** is increasingly using the **cybercriminal underground** to support offensive operations, making attribution harder and raising the risk of **destructive activity**...

University of Mississippi Medical Center (UMMC) hit by ransomware attack

Incident
H score64 First: 20.02.2026 13:50 Last: 20.02.2026 13:50 Sources 1

About this happening: The **University of Mississippi Medical Center (UMMC)** suffered a **ransomware attack** that forced **all clinic locations statewide** to close and disrupted access to **Epic ele...

Timeline

  1. 29.01.2026 15:01 2 articles · 5mo ago

    ReliaQuest reports a late-2025 ransomware wave driven by Qilin, Akira and Sinobi

    Campaign Scope Update

    ReliaQuest's Q4 2025 ransomware analysis reports a late-2025 wave in which leak-site postings climbed even as active group counts fell, with Qilin, Akira and Sinobi identified as the most prolific operators and Qilin linked to over 450 victims, Akira to over 200 victims, and Sinobi to a listings surge of over 300%.

    Show sources