{"id":210270,"date":"2026-05-07T11:33:00","date_gmt":"2026-05-07T15:33:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/07\/businesses-hide-vast-majority-of-ransomware-attacks-report-finds\/"},"modified":"2026-05-07T11:35:06","modified_gmt":"2026-05-07T15:35:06","slug":"businesses-hide-vast-majority-of-ransomware-attacks-report-finds","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/05\/07\/businesses-hide-vast-majority-of-ransomware-attacks-report-finds\/","title":{"rendered":"Businesses hide vast majority of ransomware attacks, report finds"},"content":{"rendered":"<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/ransomware-undisclosed-attacks-blackfog\/819595\/\">Businesses hide vast majority of ransomware attacks, report finds<\/a><\/p>\n<p><a href=\"https:\/\/www.cybersecuritydive.com\/news\/ransomware-undisclosed-attacks-blackfog\/819595\/\">https:\/\/www.cybersecuritydive.com\/news\/ransomware-undisclosed-attacks-blackfog\/819595\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-05-07 11:33:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.cybersecuritydive.com\">www.cybersecuritydive.com<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. <\/p>\n<p>Dive Brief:<\/p>\n<p>Companies around the world have been keeping the vast majority of ransomware attacks secret, according to a new report from the security firm BlackFog.<br \/>\nThe number of undisclosed attacks in the first quarter of 2026 was almost 10 times as large as the number of disclosed attacks, according to the report published Wednesday.<br \/>\nBlackFog\u2019s report, based on information from dark-web leak sites, also includes data on the most targeted sectors and new tools that have emerged in the cybercrime ecosystem.<\/p>\n<p>Dive Insight:<br \/>\nBlackFog\u2019s threat intelligence team identified 264 publicly disclosed ransomware attacks in the first three months of 2026, but it also identified 2,160 undisclosed attacks. While the number of disclosed attacks represented a 15% year-over-year decrease, the number of undisclosed attacks ticked up slightly from Q1 2025.<br \/>\nThe U.S. was by far hackers\u2019 dominant target, with U.S. organizations accounting for half of all undisclosed attacks (1,070) and 61% of all disclosed attacks.<br \/>\nThe Qilin ransomware gang was the most active group in both segments, accounting for 16% of undisclosed attacks and 8% of disclosed attacks. But the second- and third-most active groups differed between segments. A relatively new group called The Gentlemen accounted for the second-most undisclosed attacks, followed by Akira, while ShinyHunters accounted for the second-most disclosed attacks, followed by INC.<br \/>\nManufacturing was the most targeted sector among undisclosed attacks, accounting for more than one-fifth of all such incidents, while healthcare was the most commonly targeted sector among disclosed attacks, accounting for 27% of those incidents. Among disclosed attacks, government organizations (12%) and information technology companies (11%) were the next most targeted.\u00a0<br \/>\nVirtually all (96%) disclosed attacks involved data exfiltration, BlackFog said, highlighting attackers\u2019 focus on data theft as a source of leverage and profit.<br \/>\n\u201cWhile the decline in total attacks may suggest incremental progress,\u201d BlackFog researchers wrote, \u201cthe sustained volume of incidents, high rate of data exfiltration, and significant proportion of unattributed activity demonstrate that ransomware continues to evolve and pose a significant risk to organizations worldwide.\u201d<br \/>\nIn the first quarter of the year, hackers increasingly favor \u201cmore accessible and scalable tooling that reduces complexity and shortens the path from compromise to impact,\u201d according to the report.<br \/>\nOne popular tool was the Venom Stealer infostealer, which hackers delivered using the ClickFix infection technique and which BlackFog said \u201cturns social engineering into a continuous data exfiltration pipeline.\u201d Researchers also identified a new command-and-control framework, dubbed Lotus C2, that features ready-to-use infrastructure for managing malware and maintaining access to victim networks. \u201cIts modular design and ease of use lower the barrier to entry for less sophisticated actors, enabling broader adoption of advanced attack capabilities,\u201d BlackFog said.<br \/>\nOne of the most concerning new attack surfaces is shadow AI, which has proliferated as employees race to adopt new AI tools without the necessary permissions or security measures. According to prior BlackFog research, 49% of employees use AI programs that their companies haven\u2019t approved, 51% have connected AI tools to other platforms without approval and 58% use free AI tools that lack enterprise security protections. Six in 10 respondents also said the speed benefits of AI were worth the security risks.<\/p>\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Businesses hide vast majority of ransomware attacks, report finds https:\/\/www.cybersecuritydive.com\/news\/ransomware-undisclosed-attacks-blackfog\/819595\/ Publish Date: 2026-05-07 11:33:00 Source&#8230;<\/p>\n","protected":false},"author":1,"featured_media":210271,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/imgproxy.divecdn.com\/7eClIEpkaqdDq-BCzSLXICE27sGjrfOYZFN7uyEmnlo\/g:ce\/rs:fit:770:435\/Z3M6Ly9kaXZlc2l0ZS1zdG9yYWdlL2RpdmVpbWFnZS9HZXR0eUltYWdlcy0xMzk5OTgwMDQ2LmpwZw==.webp","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[26,36,32],"class_list":["post-210270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-ai","tag-infostealer","tag-malware"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210270"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=210270"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210270\/revisions"}],"predecessor-version":[{"id":210273,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/210270\/revisions\/210273"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/210271"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=210270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=210270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=210270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}