Cybersecurity incidents have surged in April 2026, with sophisticated AI-driven phishing campaigns, ransomware arrests, and widespread scams targeting individuals and institutions. This report consolidates key events, threats, and mitigation strategies reported in the past week.
Ransomware and Cybercrime Arrests
German authorities have identified Daniil Shchukin (alias UNKN) and Anatoly Kravchuk as key figures behind the REvil and GandCrab ransomware gangs. These gangs are responsible for 24 attacks, generating $2.3M in ransoms and $40M in damages.
The suspects operated under a ransomware-as-a-service (RaaS) model, where affiliates conducted attacks in exchange for a cut of profits. REvil’s high-profile victims included Lady Gaga’s law firm, Kaseya, and Trump’s organization before its 2021 dismantlement. Ransomware attacks continue to be a significant threat, with new variants and tactics emerging regularly.
Broader Context:
While Russia’s FSB arrested 14 REvil members in 2022, legal proceedings have stalled, with only 8 suspects facing charges. European efforts continue to target Russian-linked cybercrime networks, including Black Basta, with two Ukrainian suspects identified earlier this year.
Ransomware and Cybercrime Arrests
German authorities identified Daniil Shchukin (alias UNKN) and Anatoly Kravchuk as key figures behind the REvil and GandCrab ransomware gangs. These gangs were responsible for 24 attacks, generating $2.3M in ransoms and $40M in damages. The suspects operated under a ransomware-as-a-service (RaaS) model, where affiliates conducted attacks in exchange for a cut of profits. REvil’s high-profile victims included Lady Gaga’s law firm, Kaseya, and Trump’s organization before its 2021 dismantlement.
Broader Context:
While Russia’s FSB arrested 14 REvil members in 2022, legal proceedings have stalled. European efforts continue to target Russian-linked cybercrime networks, including Black Basta. The complexity of these operations highlights the need for international cooperation and advanced cybersecurity measures. For more insights on cybercrime trends and mitigation strategies, refer to cyber-kinetic conflicts.
Government and Institutional Scams
The Social Security Administration (SSA) warned of a surge in phishing emails impersonating official communications. Scams include fake cost-of-living adjustment (COLA) notices directing users to malicious websites and threats of benefit suspension unless personal/financial data is provided.
Red Flags:
- Emails lacking ‘.gov’ domains.
- Urgent requests for bank details or SSN confirmation.
- Unsolicited attachments (e.g., ‘official statements’).
Response:
Victims should report scams via the SSA OIG or FBI IC3.
Financial Crime and Fraud Trends
The FBI’s Internet Crime Complaint Center (IC3) reported a 26% increase in cybercrime losses in 2025. Key findings include investment fraud, business email compromise, and tech support scams. Cryptocurrency and wire transfers were commonly used payment methods.
Critical Infrastructure Targets:
Healthcare, manufacturing, financial services, government, and IT sectors faced the highest ransomware impact.
In Thailand, the Anti Cyber Scam Centre (ACSC) reported 7,366 cases between March 29 and April 4, 2026, with $1.24M in losses, down 70% due to faster fund freezes. Emerging tactics include ‘free goods’ scams luring victims into Line groups and high-paying job scams. Enforcement resulted in 16 arrests and $53K in cash seized, $192K in transfers blocked.
In South Korea, TV personality Jee Seok-jin discussed a vishing scam targeting his wife. The call claimed her bank account was tied to a crime, exploiting deepfake voice technologies and AI-driven social engineering. Criminal profiler Kwon Il-yong warned of the ‘Pinocchio effect’ and the rise of DeepVoice scams. Enforcement resulted in 16 arrests and $53K in cash seized, $192K in transfers blocked.
Final words
April 2026 highlights the evolving sophistication of cyber threats, from AI-powered phishing to ransomware-as-a-service and deepfake scams. Law enforcement efforts are ramping up, but public vigilance and proactive cybersecurity measures remain critical. Organizations must prioritize identity protection, employee training, and incident response planning to mitigate risks. Report any suspicious activity to authorities.