-

Ransomware Victims Rise 43% as AI Becomes a Productivity Tool for Threat Actors, GuidePoint Security Finds

New Report From the GuidePoint Research and Intelligence Team (GRIT) Reveals Adversaries Are Using AI to Sharpen Negotiations and Increase Pressure on Victims

RESTON, Va.--(BUSINESS WIRE)--GuidePoint Security, the cybersecurity advisor and services partner organizations rely on to protect what matters most, today released the GuidePoint Research and Intelligence Team’s (GRIT) Q2 2026 Ransomware and Cyber Threat Insights Report.

Defensive progress is forcing attackers to adapt.

Share

The report found that ransomware activity continued to climb in the second quarter of 2026 as threat actors increasingly use artificial intelligence as a productivity enabler. Threat actors claimed 2,279 reported ransomware victims in Q2 2026, a 7% quarter-over-quarter increase and a 43% year-over-year increase. GRIT also observed a record-high 91 active ransomware groups across 108 countries, reflecting a threat landscape that is growing in volume, reach and operational efficiency.

“AI is giving threat actors a faster path from stolen data to negotiation leverage,” said Grayson North, Principal Threat Intelligence Consultant at GuidePoint Security. “They can tailor their pressure on victims and professionalize negotiations without needing a major leap in capability. That changes how organizations need to prepare for extortion.”

Key findings from the report include:

  • Ransomware victim volume continues to increase. Q2 2026 recorded 2,279 reported ransomware victims, up 7% from Q1 2026 and 43% from Q2 2025. Weekly victim postings never fell below 150 during the quarter.
  • Active threat groups reached a record high. GRIT observed 91 active ransomware groups in Q2 2026, the highest number across all observed periods, with operations spanning 108 countries.
  • Top threat actors continue to dominate activity. The five most prolific groups collectively claimed more than 40% of all recorded attacks. Qilin remained the most active group, while The Gentlemen continued its rapid ascent into the second spot, and DragonForce became the third most active group for the first time.
  • AI is emerging as a threat actor productivity tool. Rather than enabling a wave of catastrophic AI-native attacks, GRIT observed threat actors using large language models to analyze exfiltrated data, personalize ransom negotiations and manufacture psychological pressure.
  • Manufacturing remains the most impacted industry. Manufacturing accounted for nearly 15% of reported ransomware victims in Q2 2026. Manufacturing has maintained the top spot in GRIT’s analysis for several years.

“Defensive progress is forcing attackers to adapt,” North added. “Organizations have improved backup and recovery programs, but attackers are finding leverage that a system restore cannot erase. A strong restore strategy still matters, but it has to be paired with a clear understanding of what data could be exposed, how it could be weaponized and how to limit that leverage before an incident.”

The report also examines how data extortion is gaining ground over encryption, the escalation of supply chain and SaaS integration attacks, and the emergence of cloud-focused groups like FulcrumSec.

The GRIT Q2 2026 Ransomware & Cyber Threat Insights Report is based on data obtained from publicly available resources, vendor threat research, internal incident response case data and open-source intelligence collected from illicit forums and marketplaces.

For more information:

About GuidePoint Security

GuidePoint Security helps organizations overcome the most complex cybersecurity challenges, mature their security posture, minimize risk and ensure compliance. As a trusted cybersecurity advisor and partner, GuidePoint keeps people, data, and operations safe. We deliver tailored cybersecurity services and offerings that adapt and scale to safeguard the nation’s leading organizations today, while preparing them to confidently face tomorrow's cyber challenges. More than 5,900 organizations of all sizes and across every industry, as well as over half of U.S. cabinet-level agencies, rely on GuidePoint to strengthen their defenses and reduce risk. Stronger Together. Protecting What’s Next. Learn more at guidepointsecurity.com.

Contacts

Nicole Lavella
nicole.lavella@guidepointsecurity.com
703-403-7066

GuidePoint Security

Details
Headquarters: Herndon, VA
CEO: Michael Volk
Employees: 875
Organization: PRI

Release Summary
A new GuidePoint Security report finds ransomware victims rose 43% YoY in Q2 as threat actors use AI to increase productivity.
Release Versions

Contacts

Nicole Lavella
nicole.lavella@guidepointsecurity.com
703-403-7066

Social Media Profiles
More News From GuidePoint Security

GuidePoint Security Appoints Scott Rachford as Chief Executive Officer

RESTON, Va.--(BUSINESS WIRE)--GuidePoint Security has appointed Scott Rachford as Chief Executive Officer....

GuidePoint Security and FAIR Institute Report Finds Cyber Risk Management Gaining Strategic Influence Across the Enterprise

RESTON, Va.--(BUSINESS WIRE)--GuidePoint Security and The FAIR Institute have released the 2026 State of Cyber Risk Management Report....

GuidePoint Security Named to Inc.’s 2026 Best Workplaces List

RESTON, Va.--(BUSINESS WIRE)--GuidePoint Security has been named to Inc.’s 2026 Best Workplaces list, marking its sixth time on the annual list....
Back to Newsroom