Greetings, Cybersecurity Enthusiasts!
March saw a continued surge in breach activity, with ransomware maintaining strong momentum and defacements reaching new highs. A concentrated group of ransomware gangs drove the majority of impact, while global targeting remained heavily focused on North America and Europe. Here is what defined the month.
π Cyber Incidents Breakdown
Across all monitored sources, we recorded 2,221 breaches in March, up from 1,762 in February. Ransomware remained a leading driver of high-impact events, while defacement activity surged significantly.
Source Mix
- Ransomware Posts: 813 (β from 663)
- Defacements: 940 (β from 547)
- Hacker Forums: 189 (β from 347)
- News Coverage: 183 (β from 144)
- Official Reports: 93 (β from 58)
- SEC Filings: 2 (β from 1)
- Leak Reports: 1 (β from 2)
π₯ Most Active Ransomware Gangs
The most prolific ransomware groups in March were:
- Qilin β 139 victims (β from 103)
- Akira β 82 victims (β from 47)
- Gentleman β 74 victims (β from 89)
- DragonForce β 57 victims (new top-tier entrant)
- INC β 49 victims (β from prior month levels)
Qilin extended its dominance with significant growth month-over-month. Akira rebounded strongly, while Gentleman declined slightly after a February surge. DragonForce emerged as a new top-tier actor.
π Enhanced Ransomware Gang Tracking
HackNotice expanded intelligence coverage for the following groups due to increased activity and infrastructure visibility:
- Netrunner
- Krybit
- Kyber
- Alp001
- Loki
- Exitium
- Linkc
- Ailock
π° Breaches That Made the News
Several high-profile breaches captured attention in March:
- OMI360: https://app.hacknotice.com/#/hack/69d396d4de7caace198a0406
- Airdeals, Airtips, and Payair: https://app.hacknotice.com/#/hack/69d36ccade7caace1929c99e
- Forex: https://app.hacknotice.com/#/hack/69cfe7d2de7caace19bde06f
- Adobe: https://app.hacknotice.com/#/hack/69cff938de7caace19e68335
- Drift: https://app.hacknotice.com/#/hack/69cebf6fde7caace19aa5fea
- Sportradar, Bet365, and FIBA: https://app.hacknotice.com/#/hack/69ce50fede7caace19957704
- Cisco: https://app.hacknotice.com/#/hack/69cc0e5ede7caace196c741c
π Industry and Geography Insights
Industries Most Impacted
- Professional, Scientific, and Technical Services: 15.6% (β from 16.6%)
- Manufacturing: 14.3% (β from 13.6%)
- Construction: 10.5% (β from 9.3%)
- Information: 9.2% (β from 8.9%)
- Manufacturing (Durable Goods): 5.6% (newly elevated)
Industry Trends
- Manufacturing and construction gained share, indicating increased focus on operational disruption targets.
- Professional services remained the top sector but declined slightly as attacks broadened.
- Information sector activity continued to climb alongside access-driven campaigns.
π Regions Most Affected
- North America: 54.1% (β from 58.6%)
- Europe: 23.8% (β from 17.4%)
- Asia: 8.9% (β from 10.3%)
- South America: 5.1% (β from 7.1%)
- Middle East: 4.0% (β from 3.6%)
- Africa: 2.4% (β from 2.3%)
- Oceania: 1.7% (β from 0.7%)
Regional Trends
- North Americaβs share declined as activity diversified globally.
- Europe saw a notable increase, becoming a larger secondary hotspot.
- Activity spread more evenly across smaller regions, indicating broader targeting distribution.
β Closing Thoughts
March reinforced both the scale and evolution of ransomware-driven activity. Total breaches increased, top gangs expanded operations, and targeting diversified across industries and regions compared to February.
π If you are not tracking ransomwareβs role in third-party exposure, you are missing a critical blind spot.
Stay ahead of shifting threats with HackNoticeβs real-time intelligence across ransomware, breaches, and dark-web activity.
π Request a demo to see how HackNotice helps you manage third-party risk.
