Trends and threats from the past quarter, with insights to protect your organization.
Get the latest report from the GuidePoint Research & Intelligence Team (GRIT), which digs into findings from the first quarter of 2026. Dive into insights like these:
- Ransomware activity remains elevated. After a late 2025 surge, Ransomware volume in Q1 held steady both quarter-over-quarter (QoQ) and year-over-year (YoY), signaling that elevated attack levels have become the new normal.
-
- The United States is the leading ransomware target. 50% of observed ransomware victims in Q1 2026 were based in the United States, followed by the United Kingdom (4%) and Canada (4%).
- Ransomware activity intensifies in the construction sector. While manufacturing remained the most impacted industry, the construction industry joined the top 5 with 131 ransomware victims in Q1 2026—a 44% increase YoY—making it one of the most impacted industry verticals.
- Data extortion-only attacks are increasing. Threat actors are bypassing encryption in favor of data theft and extortion-only operations, reflecting an evolution in ransomware tactics.
- New threat groups are rapidly gaining ground. The Gentlemen, a RaaS group which emerged in August 2025, surged from 35 victims in Q4 2025 to 182 in Q1 2026, becoming the second most active group. Meanwhile, activity from established groups Qilin and Akira declined by 25% and 22%, respectively.
-
Download the report now.
