Manufacturing, technology, and healthcare organizations: Industries most affected by ransomware in 2026

An analysis conducted in late 2025 by ESET, a leading company in proactive threat detection, highlighted the evolution of ransomware (data kidnapping) as one of trends to watch closely in 2026. This first quarter of the year confirms its importance, and the cybersecurity company analyzes the most attacked industries, which countries were most affected, the situation in Latin America, and the incidence of each group.

Topics of paramount importance and interest to both experts and cautious users who follow these incidents.

According to the ransomware.live report, the three groups that dominated the first quarter of the year were Qilin, The Gentlemen, and Akira, which together accounted for almost 900 victims, representing more than 30% of the total attacks (approximately 2,200).

 

Qilin ransomware took first place with more than 400 attacks during the quarter. This ransomware-as-a-Service (RaaS) group, which also held this position last year, took the professionalization of cybercrime to a new level, so to speak, by providing legal counsel to its affiliates to strengthen their leverage during ransom negotiations.

Second place, with almost 250 attacks, went to The Gentlemen. This RaaS group represents a new era: it is moving away from mass attacks to focus on tailored operations. A silent and far more dangerous model, according to ESET, that redefines the rules of the game with targeted and adaptive campaigns.

Akira completed this negative podium, with more than 200 attacks to its name, many in Latin America. Its spread was so widespread that it even put major cybersecurity agencies around the world on alert, including the FBI.

Regarding the industries most affected by ransomware during the first three months of 2026, ESET found the manufacturing, technology, and healthcare sectors to be the most impacted. Following closely behind were business services, construction, and financial services.

 

“What is clear is that cyber attackers do not choose their victims randomly, but rather seek out organizations where they can generate a strong impact or sense of urgency, whether due to the immediate need to have their systems available, because they cannot afford long operational downtime, or because they handle critical or sensitive information. Ransomware groups continue to focus on economic and reputational impact, targeting industries undergoing digitalization but demonstrating less maturity in cybersecurity,” says Mario Micucci, Cybersecurity Researcher at ESET Latin America.

Internationally, with more than 1,000 attacks recorded, the United States was the country most affected by ransomware during the first quarter of 2026. The countries that followed recorded only 100 attacks or fewer, such as Germany, Great Britain, and France. Canada completed the top five affected countries.

 

Regarding Latin America, Brazil (50 attacks) and Mexico (30) were the most affected countries, but incidents were also recorded in Argentina, Chile, Peru, Paraguay, Ecuador, Venezuela, Colombia, Guatemala, Panama, and the Dominican Republic

The first quarter of 2026 confirms the trend that ransomware is not a temporary or declining threat, but a consolidated and constantly evolving phenomenon. “The combination of highly active groups, new emerging actors, and increasingly targeted attacks demonstrates that the model remains profitable for cyber attackers. Looking ahead, the focus should be on how organizations can strengthen their prevention, detection, and response capabilities, especially in critical sectors and regions where cybersecurity maturity still has significant gaps,” concludes Micucci of ESET.

For more information on this topic, please visit: https://www.welivesecurity.com/es/ransomware/actividad-ransomware-primer-trimestre-2026/.

Additionally, for other useful preventative information, visit https://www.eset.com/ve/ in Venezuela, and follow them on social media @eset_ve, Instagram (@esetla), and Facebook (ESET).

With information and image reference ​​provided by ESET and Comstat Rowland

Follow our news on Google! For current, interesting, and accurate information, click here to see all the content on Bitfinance.news. You can also find us on X/Twitter and Instagram