Global Cyberattack Trends Shift in May 2026: Ransomware Surges as New Sectors Face Growing Threats
Global cyberattack activity saw a slight decline in May 2026, with organizations experiencing an average of 2,055 weekly attacks a 7% drop from April but a 2% increase year-over-year, according to Check Point Research. Despite the overall dip, the threat landscape remained volatile, with ransomware attacks spiking dramatically and previously low-risk sectors emerging as prime targets.
Ransomware Dominates with Record Growth
May marked the highest year-over-year ransomware surge of 2026, with 698 attacks recorded globally a 48% increase from May 2025. The rise was widespread, with Asia seeing a 119% jump, EMEA up 40%, and the Americas increasing by 39%. Business services bore the brunt, accounting for 35% of all ransomware victims, followed by sharp rises in consumer goods (223% YoY) and industrial manufacturing (50% YoY).
The ransomware ecosystem also grew more fragmented, with 61 active groups operating in May. Qilin led the field, responsible for 14% of published attacks, followed by The Gentlemen (10%) a group that had zero recorded activity in May 2025 and DragonForce (8%). The top three groups accounted for 39% of attacks, while the remaining 61% were spread across 58 other groups, reflecting the industrialized and competitive nature of the ransomware market.
New Sectors Under Fire as Digitalization Expands
While education (4,641 weekly attacks per organization), government, and telecommunications remained the most targeted sectors, agriculture, hospitality, travel, recreation, and construction saw significant year-over-year increases sectors that were not considered high-risk just two years ago. Agriculture surged 51% to 2,243 weekly attacks, while hospitality and construction rose 24% and 23%, respectively. The shift is attributed to rapid digitalization and the proliferation of automated attack tools.
Regional Disparities Persist
Latin America remained the most targeted region, with 3,149 weekly attacks per organization and a 13% YoY increase, driven by rapid digital adoption outpacing security maturity. Africa saw the most dramatic decline (20% YoY), though attack volumes remained high. North America absorbed 49% of global ransomware incidents, with the U.S. alone accounting for 43% of victims, followed by Canada (5.6%), the UK (4.6%), Germany (4.0%), and Spain (3.0%).
GenAI Adoption Introduces New Risks
Enterprise adoption of generative AI (GenAI) continued to grow, but so did associated risks. One in 25 GenAI prompts from enterprise networks carried a high risk of sensitive data leakage, with 22% of prompts containing potentially sensitive information. Organizations used an average of nine different GenAI tools, while the average user submitted 70 prompts per month.
A Shifting Threat Landscape
While overall attack volumes dipped, the underlying trends paint a more concerning picture: ransomware is expanding at an unprecedented rate, new groups are maturing faster than ever, and previously overlooked sectors are now under siege. The threat landscape is not just evolving it is reorganizing, with attackers leveraging automation, fragmentation, and tactical innovation to outpace defensive measures.
The Hacker News cybersecurity rating report: https://www.rankiteo.com/company/thehackernews
"id": "THE1781260260",
"linkid": "thehackernews",
"type": "Ransomware",
"date": "5/2026",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'business services',
'location': 'global',
'type': 'sector'},
{'industry': 'consumer goods',
'location': 'global',
'type': 'sector'},
{'industry': 'industrial manufacturing',
'location': 'global',
'type': 'sector'},
{'industry': 'agriculture',
'location': 'global',
'type': 'sector'},
{'industry': 'hospitality',
'location': 'global',
'type': 'sector'},
{'industry': 'construction',
'location': 'global',
'type': 'sector'},
{'industry': 'education',
'location': 'global',
'type': 'sector'},
{'industry': 'government',
'location': 'global',
'type': 'sector'},
{'industry': 'telecommunications',
'location': 'global',
'type': 'sector'}],
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'high',
'type_of_data_compromised': 'sensitive information'},
'date_detected': '2026-05',
'date_publicly_disclosed': '2026-05',
'description': 'Global cyberattack activity saw a slight decline in May 2026, '
'with organizations experiencing an average of 2,055 weekly '
'attacks (a 7% drop from April but a 2% increase '
'year-over-year). Despite the overall dip, ransomware attacks '
'spiked dramatically, and previously low-risk sectors emerged '
'as prime targets. Ransomware attacks reached 698 globally (a '
'48% increase from May 2025), with business services, consumer '
'goods, and industrial manufacturing being the hardest hit. '
'New sectors like agriculture, hospitality, and construction '
'saw significant increases due to rapid digitalization.',
'impact': {'data_compromised': True},
'lessons_learned': 'The threat landscape is reorganizing, with attackers '
'leveraging automation, fragmentation, and tactical '
'innovation to outpace defensive measures. Rapid '
'digitalization in previously low-risk sectors has '
'introduced new vulnerabilities.',
'motivation': ['financial gain', 'data exfiltration'],
'post_incident_analysis': {'root_causes': ['rapid digitalization',
'proliferation of automated attack '
'tools',
'fragmented ransomware ecosystem']},
'ransomware': {'data_encryption': True, 'data_exfiltration': True},
'references': [{'date_accessed': '2026-05', 'source': 'Check Point Research'}],
'threat_actor': ['Qilin', 'The Gentlemen', 'DragonForce'],
'title': 'Global Cyberattack Trends Shift in May 2026: Ransomware Surges as '
'New Sectors Face Growing Threats',
'type': ['ransomware', 'data_leakage']}