May 2026 witnessed a surge in cybersecurity incidents, from large-scale bank frauds to ransomware attacks. This report consolidates key events, including a Rs 645-crore bank scam in India, ransomware trends in 2026, extradition of a fugitive in a major fraud case, and collaborative efforts to combat cyber fraud.
Ransomware: Evolving Threats and Law Enforcement Responses
A recent blog post highlighted the growing concern over post-quantum ransomware. Groups are now using quantum-resistant algorithms to ensure that encrypted data remains inaccessible without the correct decryption keys.
The AuditTeam ransomware group claimed responsibility for breaching Tr***ic, threatening to leak confidential data unless negotiations began. This incident underscores the growing targeting of mid-sized organizations and the need for dark web monitoring to detect breaches early.
Kaspersky’s 2026 Ransomware Report reveals alarming trends:
- Post-quantum ransomware: New families like PE32 use ML-KEM, a post-quantum key-encapsulation mechanism, making decryption nearly impossible without paying the ransom. Quantum-resistant algorithms are being adopted by groups like Gentlemen, Devman, and MintEye.
- Encryptionless extortion: With ransom payments dropping to 28%, groups like ShinyHunters focus on data theft and public leaks instead of encryption. Victims are coerced into paying to prevent reputational damage, a shift away from traditional encryption-based attacks.
- EDR killers and defense evasion: Attackers use Bring Your Own Vulnerable Driver (BYOVD) techniques to disable Endpoint Detection and Response (EDR) tools, exploiting signed drivers to bypass security.
- Initial Access Brokers (IABs): The access-as-a-service market thrives and fuels the ransomware economy, with brokers selling compromised RDP, VPN, and RDWeb credentials. Qilin, Clop, and Akira remain the most active ransomware groups in 2025–2026.
- Law enforcement crackdowns: Authorities seized the RAMP, LeakBase, Nulled, and Cracked forums, along with the data leak sites (DLS) of BlackSuit and 8Base. However, new groups quickly replace dismantled operations, and ransomware attacks continue to target organizations globally.
Kaspersky recommends proactive patching, Zero Trust Network Access (ZTNA), and immutable backups to mitigate risks. As the ransomware landscape evolves, organizations must stay vigilant and adapt their defenses to counter these emerging threats.
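For defenders, the BYOVD item above means a valid driver signature cannot be treated as a pass. The following triage sketch is an added example, not taken from the Kaspersky report: it assumes driver-load telemetry with Sysmon Event ID 6 field names, and the blocklist digest and sample events are constructed placeholders.

```python
import ntpath

# Constructed placeholder digest standing in for a vulnerable-driver blocklist feed.
BLOCKLIST_SHA256 = {"A" * 64}
# Directories where kernel drivers normally live (lower-case, drive letter stripped).
EXPECTED_DIRS = ("\\windows\\system32\\drivers", "\\windows\\system32\\driverstore")

def parse_hashes(field):
    """Turn the 'SHA256=...,MD5=...' Hashes field into {algorithm: digest}."""
    pairs = (item.split("=", 1) for item in field.split(",") if "=" in item)
    return {name.strip().upper(): digest.strip().upper() for name, digest in pairs}

def triage_driver_load(event):
    """Return the reasons a driver-load event deserves analyst review."""
    reasons = []
    if parse_hashes(event.get("Hashes", "")).get("SHA256") in BLOCKLIST_SHA256:
        reasons.append("blocklisted-hash")
    path = ntpath.splitdrive(event.get("ImageLoaded", "").lower())[1]
    folder = ntpath.dirname(path)
    if not any(folder == d or folder.startswith(d + "\\") for d in EXPECTED_DIRS):
        reasons.append("unusual-path")
    # A valid signature is NOT a pass: BYOVD drivers are legitimately signed.
    if event.get("SignatureStatus") != "Valid":
        reasons.append("bad-signature")
    return reasons

def flagged(events):
    """Map ImageLoaded -> reasons for every event with at least one reason."""
    results = {e["ImageLoaded"]: triage_driver_load(e) for e in events}
    return {path: why for path, why in results.items() if why}

# Constructed sample events using Sysmon Event ID 6 (driver loaded) field names.
SAMPLE_EVENTS = [
    {"ImageLoaded": r"C:\Windows\System32\drivers\disk.sys",
     "Hashes": "SHA256=" + "B" * 64, "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\ProgramData\svc\helper.sys",
     "Hashes": "MD5=" + "C" * 32 + ",SHA256=" + "a" * 64, "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Windows\System32\drivers\legacy.sys",
     "Hashes": "SHA256=" + "A" * 64, "SignatureStatus": "Valid"},
    {"ImageLoaded": r"C:\Windows\System32\drivers\test.sys",
     "Hashes": "SHA256=" + "D" * 64, "SignatureStatus": "Expired"},
]

if __name__ == "__main__":
    for path, why in flagged(SAMPLE_EVENTS).items():
        print(path, why)
```

The second and third sample events carry a valid signature and are still flagged, which is the case a signature-only check misses.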
Law Enforcement and Regulatory Actions
The Central Bureau of Investigation (CBI) extradited Kamlesh Parekh from the UAE in connection with a large-scale bank fraud involving a consortium led by the State Bank of India (SBI). Parekh, a Red Notice subject, allegedly diverted funds through overseas entities using fraudulent transactions. His extradition follows Interpol coordination and marks India’s 150th successful repatriation of fugitives in recent years. This success underscores the importance of international cooperation in bringing cybercriminals to justice.
In another significant move, the Indian Cyber Crime Coordination Centre (I4C) and the Reserve Bank Innovation Hub (RBIH) signed an MoU to tackle mule accounts, which are often used to launder proceeds from cyber fraud. The partnership will leverage AI-driven tools like MuleHunter.ai to detect suspicious transactions. This initiative aims to strengthen fraud prevention in digital payments and banking, highlighting the collaborative efforts needed to combat cybercrime. Surging cybercrime remains a global concern, with various countries implementing similar measures to enhance cybersecurity.
Emerging Threats: Data Centers and Critical Infrastructure
The proposed Project Green Mountain data center in Archbald, Pennsylvania, faces scrutiny over its 196 diesel backup generators and traffic impact. Key issues raised during public hearings include:
- Air emissions: Generators can store 1.96 million gallons of diesel and run 50 hours/year for testing, raising pollution concerns. The Pennsylvania DEP regulates emissions under the Clean Air Act.
- Cybersecurity risks: Data centers are high-value targets for cyberattacks due to their critical role in cloud infrastructure. The project’s closed-loop cooling system and power demands (525 MW) also pose operational risks.
Final words
The cybersecurity landscape in May 2026 is marked by evolving ransomware tactics, sophisticated financial fraud, and proactive law enforcement responses. While post-quantum encryption and encryptionless extortion pose new challenges, collaborative efforts—such as the I4C-RBIH MoU and CBI’s extradition success—offer hope for mitigating risks. Organizations and individuals must adopt defensive measures, from patch management to dark web monitoring, to stay ahead of threats. As WannaCry’s anniversary reminds us, preparedness and cooperation are key to resilience in an increasingly digital world.