Ransomware Attacks Surge in Early 2026 with 26 Claims in

Threat intelligence reports show 8 active ransomware groups claimed 26 victims on February 2nd alone, with major corporations including BASF and Honeywell...

Dylan H.

News Desk

February 4, 2026

Ransomware Activity Reaches New Highs

A troubling surge in ransomware activity has marked the beginning of February 2026, with threat intelligence sources reporting 26 ransomware claims from 8 different threat groups on February 2nd alone.

This alarming trend follows 2025's record-breaking year, where cybercrime groups targeted over 8,000 organizations globally—up from approximately 6,000 the previous year.


Major Victims Disclosed

February 3, 2026 Breaches

Multiple high-profile organizations were reportedly breached:

| Organization          | Threat Actor | Industry               |
|-----------------------|--------------|------------------------|
| BASF SE               | 0APT         | Chemical Manufacturing |
| Honeywell             | 0APT         | Industrial Conglomerate |
| Dassault Systèmes     | 0APT         | Software/3D Design     |
| Linde plc             | 0APT         | Industrial Gases       |
| Ferretti Group        | Akira        | Luxury Yachts          |
| JST Manufacturing     | Akira        | Electronics            |
| Family Health Centers | Termite      | Healthcare             |
| Multiple Law Firms    | INC_RANSOM   | Legal Services         |

0APT Emerges as Major Threat

The 0APT threat actor group has emerged as a significant concern, claiming four major industrial companies in a single day. Their targets suggest a focus on manufacturing and critical infrastructure sectors.


Active Ransomware Groups

According to Check Point Research's 2026 Cyber Security Report, the most active ransomware groups currently include:

  1. Qilin - Leading in total claimed victims
  2. Akira - Targeting manufacturing and healthcare
  3. Cl0p - Known for supply chain attacks
  4. Play - Focused on enterprise targets
  5. Safepay - Emerging threat actor

The number of active ransomware groups increased by approximately 30% compared to 2024.


Shifting Tactics

Data-Only Extortion Rising

A notable shift in ransomware tactics shows threat actors increasingly focusing on data exfiltration without encryption:

"AI is becoming a force multiplier across attacks, with fragmentation in ransomware moving toward data-only extortion and multi-channel social engineering attacks." — Check Point Research

Key Trends

  • 44% of all data breaches now involve ransomware (up 12% YoY)
  • 28% of vulnerabilities exploited within one day of CVE disclosure
  • Average ransom demands continue to climb into the millions

WorldLeaks Claims Nike Breach

In other extortion news, the WorldLeaks group claimed responsibility for a massive data breach at Nike, allegedly exposing:

  • 1.4 terabytes of internal data
  • Supply chain documentation
  • Manufacturing operations data
  • Internal archives

Nike has not publicly confirmed the breach. Security researchers are monitoring dark web forums for leaked data.


Under Armour Breach Confirmed

Under Armour has confirmed a ransomware breach that exposed data of 72 million customers. The compromised data has appeared on dark web marketplaces and includes:

  • Customer names and email addresses
  • Purchase history
  • Account credentials (encrypted)
  • Physical addresses

Malwarebytes researchers note: "As leaked datasets are merged and enriched, they become more useful to criminals for targeted attacks."


Defensive Recommendations

Immediate Actions

  1. Review backup integrity - Ensure offline, immutable backups exist
  2. Patch critical vulnerabilities - Prioritize internet-facing systems
  3. Enable MFA everywhere - Especially privileged accounts
  4. Segment networks - Limit lateral movement potential

Detection Focus Areas

Monitor for:
- Unusual file encryption activity
- Mass file access patterns
- Data exfiltration to unknown destinations
- Disabled security tools
- Shadow copy deletion
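
As an added illustration (not part of the original article), the sketch below turns three of the items above into detection logic: shadow copy deletion, disabled security tools, and mass file access. The event schema, the write threshold and the sample events are assumptions constructed for this example, and the command-line patterns are illustrative rather than exhaustive.

```python
import re
from collections import Counter

# Illustrative command-line patterns, not an exhaustive rule set
RULES = {
    "shadow_copy_deletion": [
        r"\bvssadmin(\.exe)?\s+delete\s+shadows",
        r"\bwmic(\.exe)?\s+shadowcopy\s+delete",
    ],
    "security_tool_disabled": [
        r"set-mppreference\s+.*-disablerealtimemonitoring\s+(\$true|1)",
        r"\bsc(\.exe)?\s+(stop|config)\s+windefend",
    ],
}
WRITE_THRESHOLD = 100  # assumed: writes per process per 60 s; tune to a baseline

def detect(events):
    """Return sorted (host, rule) alerts for a list of event dicts."""
    alerts, writes = set(), Counter()
    for ev in events:
        if ev["type"] == "process":
            cmd = ev["cmdline"].lower()
            for rule, patterns in RULES.items():
                if any(re.search(p, cmd) for p in patterns):
                    alerts.add((ev["host"], rule))
        elif ev["type"] == "file_write":
            # Fixed 60-second buckets keyed by host and process id
            writes[(ev["host"], ev["pid"], ev["ts"] // 60)] += 1
    for (host, _pid, _bucket), count in writes.items():
        if count > WRITE_THRESHOLD:
            alerts.add((host, "mass_file_modification"))
    return sorted(alerts)

# Constructed sample events (hypothetical hosts, not real telemetry)
SAMPLE = [
    {"ts": 0, "host": "ws01", "type": "process", "pid": 100,
     "cmdline": "vssadmin.exe list shadows"},  # benign: listing only
    {"ts": 5, "host": "fs02", "type": "process", "pid": 200,
     "cmdline": "powershell Set-MpPreference -DisableRealtimeMonitoring $true"},
    {"ts": 9, "host": "fs02", "type": "process", "pid": 201,
     "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
] + [
    {"ts": 10 + i // 10, "host": "fs02", "type": "file_write", "pid": 202,
     "path": f"D:\\share\\doc{i}.docx"} for i in range(150)
] + [
    {"ts": 10 + i, "host": "ws01", "type": "file_write", "pid": 101,
     "path": f"C:\\tmp\\{i}.log"} for i in range(20)
]

if __name__ == "__main__":
    for host, rule in detect(SAMPLE):
        print(host, rule)
```

In production the same logic would normally live in a SIEM or EDR rule fed by process-creation and file-audit telemetry; correlating all three alerts on one host within a short window is a stronger signal than any single one.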

Outlook for 2026

Industry experts predict continued escalation:

"By mid-2026, at least one major global enterprise will fall to a breach caused or significantly advanced by a fully autonomous agentic AI system." — Michael Freeman, Head of Threat Intelligence at Armis

Organizations should prepare for:

  • AI-enhanced social engineering attacks
  • Faster exploitation timelines
  • Increased targeting of critical infrastructure
  • More sophisticated extortion tactics

Sources

  • Dark Web Informer - February 2, 2026 Update
  • Check Point Research - 2026 Threat Intelligence Report
  • Malwarebytes - Under Armour Breach Analysis
  • Emsisoft - State of Ransomware 2025 Report
