Cyble, a global leader in AI-powered threat intelligence, has released its Threat Landscape Report – January 2026, revealing that ransomware activity continues at elevated levels, with 679 victims reported in a single month — marking a 30% increase over the 2025 monthly average.
The report highlights not only the sustained volume of ransomware attacks but also a concerning shift toward supply chain exposure and operational technology (OT) targeting. Threat actors increasingly exfiltrated engineering documentation, PCB layouts, CAD files, and sensitive production blueprints — amplifying downstream risk across industries.
In addition, hacktivist groups demonstrated live access to industrial control systems (ICS) in energy, water, and manufacturing environments, showcasing the escalating geopolitical cyber risks.
Key Findings from the January 2026 Report:
679 ransomware victims recorded in January
2,018 ransomware attacks in Q4 2025 (average 673 per month)
Qilin emerged as the most active ransomware group, while CL0P resurfaced with new campaigns
Manufacturing, construction, professional services, healthcare, and IT among the most targeted sectors
Critical IT and ICS vulnerabilities actively exploited, including high-severity flaws affecting enterprise and industrial systems
“Ransomware actors are no longer just encrypting systems — they are strategically targeting supply chains and operational environments to maximize leverage,” said Daksh Nakra, Senior Manager of Research and Intelligence at Cyble. “Prioritizing asset visibility, third-party risk monitoring, and OT security to mitigate cascading operational impact is a given.”
The January 2026 report also outlines newly identified ransomware groups, critical vulnerabilities added to CISA’s Known Exploited Vulnerabilities (KEV) catalog, and actionable defensive recommendations for security teams.