Greetings, Cybersecurity Enthusiasts!

February sustained elevated breach volume with continued ransomware concentration among a handful of highly active groups. Professional services and manufacturing remained primary targets, while several globally recognized brands made headlines. Here is what defined the month.

📊 Cyber Incidents Breakdown

Across all monitored sources, we recorded 1,762 breaches in February. Ransomware remained a leading driver of high-impact events alongside persistent defacement activity and underground forum exposure.

Source Mix

• Ransomware Posts: 663
• Defacements: 547
• Hacker Forums: 347
• News Coverage: 144
• Official Reports: 58
• SEC Filings: 1
• Leak Reports: 2

💥 Most Active Ransomware Gangs

The most prolific ransomware groups in February were:

1. Qilin — 103 victims
2. Gentleman — 89 victims
3. Akira — 47 victims
4. Play — 44 victims
5. Clop — 43 victims

Qilin again led ransomware activity, while Gentleman demonstrated significant operational acceleration. Akira, Play, and Clop maintained steady multi-industry targeting.

🆕 Enhanced Ransomware Gang Tracking

HackNotice expanded intelligence coverage for the following groups due to increased activity and infrastructure visibility:

• shadowbyt3$
• cipherforce
• fulcrumsec
• payload
• insomnia
• bravox

📰 Breaches That Made the News

Several high-profile breaches captured attention in February:

• Evergreen Healthcare Group: https://app.hacknotice.com/#/hack/699fa494de7caace1913ebb4
• Optimizely: https://app.hacknotice.com/#/hack/699c9b2ade7caace1957e3c6
• Land and Agricultural Development Bank of South Africa: https://app.hacknotice.com/#/hack/699c5f3dde7caace198a1da5
• Taipei’s Grand Hotel: https://app.hacknotice.com/#/hack/699ae8bdde7caace19efbdb6
• PayPal: https://app.hacknotice.com/#/hack/69986059de7caace19dc77a6
• MD Chart: https://app.hacknotice.com/#/hack/6997f450de7caace19ecbc5d

🏭 Industry and Geography Insights

Industries Most Impacted

• Professional, Scientific, and Technical Services: 16.6%
• Manufacturing: 13.6%
• Construction: 9.3%
• Information: 8.9%
• Transportation and Warehousing: 7.1%

Industry Trends

• Professional services continued to absorb the highest share of ransomware victims, reinforcing third-party exposure risk.
• Manufacturing and construction remained disruption-prone sectors with high operational leverage for attackers.
• Information and transportation sectors saw sustained targeting linked to access abuse and data exposure campaigns.

🌍 Regions Most Affected

• North America: 58.6%
• Europe: 17.4%
• Asia: 10.3%
• South America: 7.1%
• Middle East: 3.6%
• Africa: 2.3%
• Oceania: 0.7%

Regional Trends

• North America remained the dominant ransomware concentration zone.
• Europe sustained consistent exposure across commercial and public institutions.
• Asia’s share increased relative to prior months, reflecting expanded targeting by several active gangs.

✅ Closing Thoughts

February reinforced ransomware’s central role in global breach activity. With Qilin maintaining leadership and new groups increasing visibility, adversary operations remain concentrated yet persistent across industries and regions.

🔍 If you are not tracking ransomware’s role in third-party exposure, you are missing a critical blind spot.
Stay ahead of shifting threats with HackNotice’s real-time intelligence across ransomware, breaches, and dark-web activity.

👉 Request a demo to see how HackNotice helps you manage third-party risk.