Qilin, Akira and Sinobi late-2025 ransomware wave
Campaign
Summary
Hide ▲
Show ▼
A late-2025 ransomware wave led by Qilin, Akira and Sinobi increased pressure on organizations as operators prioritized fast access and execution to evade detection. Qilin was linked to over 450 victims, Akira to over 200 victims, and Sinobi saw listings rise by over 300%. The activity matters because it shows ransomware crews can keep scaling output even when the number of active groups falls.
Related Happenings
Qilin consolidates into dominant RaaS position as ransomware market reconcentrates
Threat Actor Meta
H score39
First: 03.07.2026 16:00
Last: 03.07.2026 16:00
Sources 1
About this happening:
**Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...
Qilin consolidates into dominant RaaS position as ransomware market reconcentrates
Threat Actor MetaAbout this happening: **Qilin** is consolidating into a dominant **RaaS** position as the ransomware ecosystem shifts back from fragmentation to concentration, increasing affiliate scale and victim vol...
Akira group rapid double-extortion ransomware activity
Malware Activity
H score45
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Akira group rapid double-extortion ransomware activity
Malware ActivityAbout this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor Meta
H score25
First: 19.03.2026 18:00
Last: 19.03.2026 18:00
Sources 1
About this happening:
**hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor MetaAbout this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
Iran MOIS embeds cybercriminal services into offensive operations
Threat Actor Meta
H score20
First: 12.03.2026 23:11
Last: 12.03.2026 23:11
Sources 1
About this happening:
**Iran's MOIS** is increasingly using the **cybercriminal underground** to support offensive operations, making attribution harder and raising the risk of **destructive activity**...
Iran MOIS embeds cybercriminal services into offensive operations
Threat Actor MetaAbout this happening: **Iran's MOIS** is increasingly using the **cybercriminal underground** to support offensive operations, making attribution harder and raising the risk of **destructive activity**...
University of Mississippi Medical Center (UMMC) hit by ransomware attack
Incident
H score64
First: 20.02.2026 13:50
Last: 20.02.2026 13:50
Sources 1
About this happening:
The **University of Mississippi Medical Center (UMMC)** suffered a **ransomware attack** that forced **all clinic locations statewide** to close and disrupted access to **Epic ele...
University of Mississippi Medical Center (UMMC) hit by ransomware attack
IncidentAbout this happening: The **University of Mississippi Medical Center (UMMC)** suffered a **ransomware attack** that forced **all clinic locations statewide** to close and disrupted access to **Epic ele...
Timeline
-
29.01.2026 15:01 2 articles · 5mo ago
ReliaQuest reports a late-2025 ransomware wave driven by Qilin, Akira and Sinobi
Campaign Scope UpdateReliaQuest's Q4 2025 ransomware analysis reports a late-2025 wave in which leak-site postings climbed even as active group counts fell, with Qilin, Akira and Sinobi identified as the most prolific operators and Qilin linked to over 450 victims, Akira to over 200 victims, and Sinobi to a listings surge of over 300%.
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01