The first week of April 2026 saw a surge in cybersecurity incidents, including sophisticated AI-driven phishing campaigns and ransomware gang unmaskings. This article explores the most critical events and their implications.
Ransomware and Law Enforcement Actions
Germany’s Federal Criminal Police Office (BKA) has identified Daniil Shchukin (alias UNKN) and Anatoly Kravchuk as key figures behind the REvil and GandCrab ransomware gangs. The duo, believed to be in Russia, are linked to 24 attacks generating $2.3 million in ransoms and causing $40 million in damages. Both groups operated under a ransomware-as-a-service (RaaS) model, targeting businesses and public institutions.
REvil, dismantled in 2021, was notorious for high-profile attacks on Lady Gaga’s law firm, Kaseya, and U.S. President Donald Trump’s associates. Despite arrests of 14 REvil members by Russia’s FSB in 2022, legal proceedings remain stalled. This announcement aligns with broader European efforts to dismantle Russian-linked cybercrime networks, including recent actions against the Black Basta ransomware group.
For more information, visit The Record.
Surge in Cybercrime Losses and Scam Tactics
The FBI’s Internet Crime Complaint Center (IC3) reported a 26% increase in cybercrime losses in 2025, totaling $20.9 billion—up from $4.2 billion in 2020. Key findings include investment fraud ($8.65B), business email compromise ($3.05B), and tech support scams ($2.1B). Cryptocurrency dominated investment/tech support scams, while wire transfers were prevalent in BEC attacks.
Victims aged 60+ filed 201,000 complaints, accounting for 37% of total losses ($7.75B). Ransomware saw 3,600 complaints with Akira, Qilin, and BianLian as the top variants. Critical infrastructure sectors (healthcare, manufacturing) were hardest hit.
The FBI emphasized the need for diligent cybersecurity practices, particularly as AI-driven threats evolve. Reports can be filed at IC3.gov.
Critical Infrastructure and Educational Disruptions
A cyberattack on the C2K network, which supports IT systems for Northern Ireland’s schools, forced GCSE and A-Level students to return during Easter break to reset passwords. The attack disrupted access to Microsoft Teams and learning materials, prompting schools like Cross and Passion College and St Louis Grammar to reopen for in-person password resets.
The Education Authority is investigating potential data breaches with the Information Commissioner’s Office (ICO). No confirmation of data theft has been made, but the incident highlights vulnerabilities in educational infrastructure.
Students and faculty faced logistical challenges, emphasizing the need for robust cybersecurity measures in educational settings. This attack underscores the importance of regular security audits and user training to mitigate risks. Understanding and mitigating data breaches is crucial for protecting sensitive information and maintaining operational continuity.
Final words
The cybersecurity landscape in April 2026 highlights the rapid evolution of threats. Proactive measures such as zero-trust architectures, user training, and cross-sector collaboration are crucial. Stay informed via official channels like the FBI IC3, Microsoft Security Blog, and CISA.
