Qilin, Akira and Sinobi late-2025 ransomware wave
Campaign
Summary
Hide ▲
Show ▼
A late-2025 ransomware wave led by Qilin, Akira and Sinobi increased pressure on organizations as operators prioritized fast access and execution to evade detection. Qilin was linked to over 450 victims, Akira to over 200 victims, and Sinobi saw listings rise by over 300%. The activity matters because it shows ransomware crews can keep scaling output even when the number of active groups falls.
Related Happenings
Akira group rapid double-extortion ransomware activity
Malware Activity
First: 02.04.2026 16:00
Last: 02.04.2026 16:00
Sources 1
About this happening:
**Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
Akira group rapid double-extortion ransomware activity
Malware ActivityAbout this happening: **Akira** ransomware activity now includes **AdaptixC2** abuse in active intrusions, alongside the group’s **under-one-hour** to **under-four-hours** attack cadence. A **Silent Pu...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor Meta
First: 19.03.2026 18:00
Last: 19.03.2026 18:00
Sources 1
About this happening:
**hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
The Gentlemen RaaS split exposed by hastalamuerte
Threat Actor MetaAbout this happening: **hastalamuerte** exposed the internal workings of **The Gentlemen** ransomware group, revealing a **Qilin-related RaaS split** that shows how affiliate-driven ecosystems can rapi...
Iran MOIS embeds cybercriminal services into offensive operations
Threat Actor Meta
First: 12.03.2026 23:11
Last: 12.03.2026 23:11
Sources 1
About this happening:
**Iran's MOIS** is increasingly using the **cybercriminal underground** to support offensive operations, making attribution harder and raising the risk of **destructive activity**...
Iran MOIS embeds cybercriminal services into offensive operations
Threat Actor MetaAbout this happening: **Iran's MOIS** is increasingly using the **cybercriminal underground** to support offensive operations, making attribution harder and raising the risk of **destructive activity**...
University of Mississippi Medical Center (UMMC) hit by ransomware attack
Incident
First: 20.02.2026 13:50
Last: 20.02.2026 13:50
Sources 1
About this happening:
The **University of Mississippi Medical Center (UMMC)** suffered a **ransomware attack** that forced **all clinic locations statewide** to close and disrupted access to **Epic ele...
University of Mississippi Medical Center (UMMC) hit by ransomware attack
IncidentAbout this happening: The **University of Mississippi Medical Center (UMMC)** suffered a **ransomware attack** that forced **all clinic locations statewide** to close and disrupted access to **Epic ele...
Advantest Corporation hit by ransomware attack
Incident
First: 20.02.2026 11:31
Last: 20.02.2026 11:31
Sources 1
About this happening:
**Advantest Corporation** disclosed a **ransomware intrusion** after detecting an **IT network intrusion** on **February 15**. Preliminary findings indicate an **unauthorized thir...
Advantest Corporation hit by ransomware attack
IncidentAbout this happening: **Advantest Corporation** disclosed a **ransomware intrusion** after detecting an **IT network intrusion** on **February 15**. Preliminary findings indicate an **unauthorized thir...
Latest development: 23.02.2026 13:30
As of February 23, 2026, Advantest Corporation said it had not confirmed a data breach after its ransomware incident and continued its investigation. The company said it had not confirmed which IT services were compromised or whether customer or employee data was affected.
Timeline
-
29.01.2026 15:01 2 articles · 3mo ago
ReliaQuest reports a late-2025 ransomware wave driven by Qilin, Akira and Sinobi
Campaign Scope UpdateReliaQuest's Q4 2025 ransomware analysis reports a late-2025 wave in which leak-site postings climbed even as active group counts fell, with Qilin, Akira and Sinobi identified as the most prolific operators and Qilin linked to over 450 victims, Akira to over 200 victims, and Sinobi to a listings surge of over 300%.
Show sources
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01
- Ransomware Victim Numbers Rise, Despite Drop in Active Extortion Groups — www.infosecurity-magazine.com — 29.01.2026 15:01