Fortinet’s 2026 report shows a 389% year-over-year increase in ransomware victims, driven by AI crime tools and an 79% surge in infostealer log availability.
Ransomware has reached a new alarming level, with confirmed victims worldwide jumping to 7,831 in 2025, a 389% year-over-year increase according to Fortinet’s 2026 Global Threat Landscape Report. The sharp rise is driven by ready-to-use AI crime tools such as WormGPT, FraudGPT, and BruteForceAI, which are sold openly on dark web marketplaces, giving even low-level threat actors access to capabilities previously limited to advanced hacker groups.
The time-to-exploit window has collapsed dramatically. FortiGuard Labs now records TTE windows as short as 24 to 48 hours for critical vulnerabilities, with one real-world case showing exploitation beginning within hours of the React2Shell vulnerability disclosure. The manufacturing sector bore the heaviest burden with 1,284 confirmed victims, followed by business services at 824 and retail at 682. The US recorded the highest concentration with 3,381 victims.
Stealer malware dominates the attack chain, with RedLine responsible for 911,968 infections (50.80% of all stealer activity), Lumma at 499,784 (27.84%), and Vidar at 236,778 (13.19%). Stealer logs now account for 67.12% of all advertised dark web datasets. The 2026 report notes an additional 79% increase in stealer log availability compared to 2025, building on the 500% spike recorded the previous year. Agentic AI has enabled attackers to automate the sorting and exploitation of stolen datasets at scale.
Organizations should audit and rotate credentials regularly, enforce phishing-resistant multi-factor authentication, and monitor for infostealer activity across all endpoints. Keeping systems patched within 24 to 48 hours of critical vulnerability disclosure is now a baseline expectation.
Source: Cyber Security News — Ransomware Victims Jump to 7,831 as AI Crime Tools Scale Global Attack
