Ransomware Activity Declines Yet Remains a Major Threat in 2026, New Post‑Quantum Families Emerge
What Happened — Kaspersky’s 2026 ransomware outlook shows a modest drop in overall attack frequency, but ransomware continues to generate multi‑billion‑dollar losses, especially in manufacturing. Threat actors are adopting “EDR killers,” BYOVD driver abuse, and the first post‑quantum cryptography‑based ransomware families.
Why It Matters for TPRM —
- Persistent ransomware risk demands continuous vendor‑risk monitoring, even when headline attack counts fall.
- Emerging encryption‑less extortion and quantum‑resistant ransomware raise the bar for incident response and data‑protection contracts.
- Access‑as‑a‑Service (AaaS) brokers are expanding their foothold, increasing supply‑chain exposure for third‑party services.
Who Is Affected — All industry sectors; manufacturing is highlighted with more than $18 B in losses in Q1‑Q3 2025, but finance, healthcare, and cloud providers also report incidents.
Recommended Actions — Review all third‑party contracts for ransomware‑specific clauses, verify that vendors employ up‑to‑date EDR solutions resistant to driver‑level attacks, and ensure incident‑response playbooks cover encryption‑less extortion scenarios.
Technical Notes — Attack vectors now include “EDR killers” that terminate security agents, BYOVD (Bring‑Your‑Own‑Vulnerable‑Driver) techniques, and the first ransomware families using post‑quantum cryptographic algorithms. No specific CVEs disclosed; threat actors continue to leverage existing Windows driver signing mechanisms.
Source: SecureList – State of ransomware in 2026