Ransomware Report - 04/19/2026
Statistical Overview
Victim Totals
- This month: 471
- This quarter: 471
- Year to date: 3092
- Last 24h: 15
Quarterly Breakdown
| Q1: 2622 | Q2: 471 | Q3: 0 | Q4: 0 |
|---|
Q2 activity continues to build with 471 victims recorded to date, reflecting an active start to the quarter, although a slowdown compared to Q1's aggressive pace.
Introduction
PurpleOps recorded 15 new ransomware victims in the last 24 hours, bringing the total for Q2 to 471. The_Gentelman was the most active group, responsible for 9 reported breaches, followed by Qilin with 4. The United States, Brazil, and the United Kingdom saw attacks, and sectors such as Transportation & Logistics and Technology / Software were targets.
Ransomware Summary Table
| # | Group | Victims (24h) | Sample Victims | Geos | Sectors |
|---|---|---|---|---|---|
| 1 | The Gentelman | 9 | Anderlues, Bmtp, Jean cultural (+6) | Brazil, United Kingdom | Transportation & Logistics, Technology / Software |
| 2 | Qilin | 4 | Henley, Hs technology group, Nanometrics (+1) | United States, Canada | Agriculture & Food, Financial Services |
| 3 | CoinbaseCartel | 1 | Astm group | Italy | Professional Services |
| 4 | PayoutsKing | 1 | Englewood lab | United States | Manufacturing |
Today's activity was primarily from The_Gentelman, accounting for 9 victims across Transportation & Logistics and Technology / Software in Brazil and the United Kingdom. Qilin had consistent activity with 4 new victims, predominantly in the United States and Canada, targeting Agriculture & Food and Financial Services. CoinbaseCartel listed the Astm group in Italy, an infrastructure entity. This shows critical infrastructure remains a target. More information on Q2 trends and groups like CoinbaseCartel is available in our Ransomware Intelligence Q2: April 18 Update.
Victim Distribution
By Country
- United States: 5
- Belgium: 1
- Brazil: 1
- Canada: 1
- Denmark: 1
- Ireland: 1
- Italy: 1
- Poland: 1
- Taiwan: 1
- Thailand: 1
By Industry
- None: 1
- Clinical Laboratory Services: 1
- Seismic Monitoring Solutions: 1
- Freight Forwarding and Logistics: 1
- Legal Services: 1
- Infrastructure: 1
- B2B Online Retail: 1
- Stationery and Gift Manufacturing: 1
- Logistics and Maritime Services: 1
- Information Technology and Services: 1
Attacks spread across ten different countries. The United States was the most targeted nation. Industry targeting also varied, suggesting most reported incidents were opportunistic rather than highly specialized campaigns.
Ransomware News
Topline
No new significant ransomware news or incident reports surfaced in the last 24 hours.
Campaigns & Operations
Activity remains focused on previously identified campaigns. Threat actors reported no new major incident disclosures or large-scale operations. This suggests sustained, not novel, operations.
Vulnerabilities & TTPs
Ransomware groups identified or exploited no new critical vulnerabilities (CVEs) or significant shifts in Tactics, Techniques, and Procedures (TTPs) in the past day.
Analyst Note
Current intelligence points to a continuation of existing ransomware methodologies and targeting profiles. No new strategic shifts immediately emerged.
Technical Takeaways
- The_Gentelman group showed significant activity, accounting for 60% of new victims in the last 24 hours. They primarily affected Brazil and the United Kingdom across transportation and technology sectors. For more on this group, see our Daily Ransomware Report from January 12, 2026.
- Qilin ransomware had consistent activity, with 4 new victims in North America (United States, Canada). They focused on agriculture, food, and financial services sectors. An in-depth analysis of their operations is available in our Qilin Ransomware: Victims, Attacks, and Analysis.
- Ransomware operations targeted a broad geographic spread, impacting 10 different countries with just 15 new victims. This suggests widespread, opportunistic targeting, not concentrated regional campaigns.
- Industry targeting remains diverse; no single sector was heavily disproportionate. Logistics, technology, and manufacturing continue to appear frequently.