Top 10 ransomware attacks of 2026

27 Jan 2026

Ransomware has become a primary cause of worry for organizations, threatening their data and operations and gravely damaging their reputation.

 

In 2025 we saw some of the biggest advances in these threats, from cybercriminals leveraging tools like FraudGPT to create massive phishing campaigns and unpredictable, undetectable malware, to the world’s first AI-powered ransomware.

 

In 2026, ransomware attacks have become more frequent, persistent, and undetectable. We have already seen some of the biggest attacks at the start of the year. Organizations will have to proactively ensure that their precious information assets are secure, and assess and step up their readiness. Let us take a look at some of the most dangerous ransomware attacks in 2026.

Some ransomware facts (2025)

  • The highest ransom paid, amounting to $75 million, went to the Devils angels ransomware group!
  • Ransomware was part of 44% of all investigated data breaches.
  • There was a 58% increase in ransomware attacks in 2025.
  • 32% of ransomware attacks were orchestrated through exploitation of vulnerabilities.
(Source – Verizon DBIR 2025, SOCRadar, GuidePoint)

| Ransomware group | No. of victims | Industry most targeted |
|---|---|---|
| Qilin | 1000 (approx.) | Manufacturing |
| Cl0p | 550 (approx.) | SaaS/Software services |
| Akira | 765 (approx.) | Manufacturing/SMBs |
| INC Ransom | 380 (approx.) | Education |
| Play | 355 (approx.) | IT & Managed Service Providers |

(Source – SOCRadar, Check Point Research, Ransomware.live)

1. Canvas by Instructure

Industry

Edtech

 

About the victim

Instructure is a Salt Lake City-based edtech company that is known for its solutions and services for the education industry for learning, assessment, and credentialing. It was founded in 2008 and hosts the world’s biggest community of educators.

 

What happened?

Instructure Inc. became a target of a ransomware attack that was orchestrated by the ShinyHunters ransomware group.

 

What did it cost?

According to a listing on a dark web forum, nearly 9000 schools have been affected by the data breach, with over 3.65 TB of data compromised, belonging to 275 million people, including students, teachers, and other staff.

 


2. Asian Football Confederation

Industry

Sports

 

About the victim

The Asian Football Confederation is the supreme governing authority of football, futsal, and beach soccer in most countries and territories in Asia.

 

What happened?

The AFC was targeted by a cyber attack in which the attackers stole highly sensitive personal details of members and posted them on a dark web forum. It is one of the biggest data breaches in football history.

 

What did it cost?

The cyber attack exposed the entire database of AFC players (including Cristiano Ronaldo), coaches, and other members, totaling 150,000 members. The exposed data includes passport scans, emails, contract details, and AFC registration files.

 


3. Panera Bread

Industry

Bakery

 

About the victim

Panera Bread is a multinational chain of bakeries and casual restaurants across 2000 locations in the United States. It was founded in 1987 and is one of the biggest chains of bakery-style cafes in America.

 

What happened?

Panera Bread became a target of a ransomware attack carried out by the ShinyHunters ransomware group.

 

What did it cost?

The attack compromised 14 million records, including names, email addresses, phone numbers, postal addresses, and account details.

 


4. National Water Authority

Industry

Public sector

 

About the victim

The National Water Authority of Peru is the regulating authority for the sustainable and multisectoral management of the country’s water resources for its population.

 

What happened?

The National Water Authority of Peru became a target of a ransomware attack. The Black Shrantac ransomware group has claimed responsibility for the attack.

 

When did it happen?

January 8, 2026

 

What did it cost?

The ransomware attack has compromised 2 TB of sensitive information, including water resource management information, hydrometeorological data, technical documents, permits, and project-related information involving risk management during floods, droughts, etc.

 


5. Nike

Industry

Apparel

 

About the victim

Nike is an Oregon-based apparel and equipment company focused on sports apparel. It offers a huge collection of sports equipment, accessories, and services.

 

What happened?

Nike became a victim of a ransomware attack carried out by the Worldleaks ransomware group, which stole credentials and other information belonging to its employees and users.

 

What did it cost?

The ransomware attack has compromised 481,409 records, including the credentials of employees, affecting over 491,189 users.

 


6. Adidas

Industry

Apparel

 

About the victim

Adidas is the largest manufacturer of clothing in Europe. It is recognized for its long history in providing sports equipment for the FIFA World Cup series.

 

What happened?

Adidas confirmed that an independent licensing partner became a victim of a data breach, which was carried out by the Lapsus$ Group.

 

What did it cost?

The data breach compromised 815,000 files, including passwords, dates of birth, email addresses, company names, and technical data.

 


7. Substack

Industry

Online publishing

 

About the victim

Substack is a California-based online solutions provider known for its subscription platform that offers creators an infrastructure for publishing, earning, and analytics. It is popular among journalists, media platforms, and subject matter experts.

 

What happened?

On 3rd February 2026, Substack discovered unauthorized access to the data of its users.

 

What did it cost?

The incident compromised 697,313 user records, including phone numbers, email addresses, and other data.

 


8. Iron Mountain

Industry

Enterprise Information Management

 

About the victim

Iron Mountain is a New Hampshire-based information management services provider that was founded in 1951. It operates in over 61 countries, and 95% of its clients are Fortune 1000 companies.

 

What happened?

Iron Mountain became a victim of a ransomware attack that was orchestrated by the Everest ransomware gang.

 

What did it cost?

The ransomware attack has compromised 1.4 TB of the company’s internal documents and personal information belonging to its clients.

 


9. Adobe

Industry

Software

 

About the victim

Adobe is a California-based software company that was founded in 1982. It is known for its web design, vector creation, photo editing, and audio & video software. It has major development operations in Newton, Seattle, San Francisco, and Austin.

 

What happened?

A threat actor who goes by the name Mr. Racoon has claimed responsibility for the data breach involving a huge quantity of sensitive corporate and customer data.

 

What did it cost?

The data breach has exposed 13 million customer support tickets, 15,000 employee records, internal company documents, and Adobe’s bug bounty program submissions.

 


10. McGraw-Hill

Industry

Publishing

 

About the victim

McGraw-Hill is an Ohio-based educational publishing company known for educational publications, software, and services to K-12 and higher education. It is a known name among students and educators.

 

What happened?

McGraw-Hill identified unauthorized access to its systems. Investigation found that the hackers exploited misconfigurations in the Salesforce environment and accessed the company’s internal data. The ShinyHunters ransomware group claimed responsibility for the attack.

 

What did it cost?

Around 45 million Salesforce records have been exposed, including personally identifiable information.

 


To be continued

We have already seen some of the most dangerous ransomware attacks of 2026. Stay tuned as we keep updating our list of 2026’s top ransomware attacks.

 

Note: Our list only covers ransomware attacks in 2026 or reported/disclosed in 2026. All the ransomware attacks from previous years will be excluded from the list.
