Μake us preferred on Google

Organizations worldwide were hit with an average of 2,201 cyberattacks per week in April 2026, marking a 10% increase month-over-month and an 8% rise year-over-year (YoY), according to the Global Cyber Threat Analysis for April 2026 published by Check Point Research, the threat intelligence arm of Check Point Software.

Following the brief slowdown observed in March, April’s data confirms that global cyber activity not only failed to stabilize but actually accelerated once again. This uptick highlights how cybercriminals continue to retool their campaigns, leveraging automation, an expanded digital footprint, and growing attack surfaces tied to cloud infrastructure and the widespread adoption of generative AI.

“The April data shows that March’s slowdown was temporary,” said Michalis Bozos, Country Manager for Greece, Cyprus, Bulgaria, and Romania at Check Point Research. “Attackers remain highly active and flexible, shifting targets and timing rather than pulling back. As ransomware scales up and GenAI becomes further embedded in daily work, organizations must treat cyber risk as a constant and focus on prevention, governance, and AI-powered security to stop threats before they cause impact.”

Education, Government, and Telecom the Top Targets

In April, the Education sector remained the most targeted worldwide, sustaining 4,946 attacks per week per organization, up 8% YoY. Government agencies came in second with 2,797 weekly cyberattacks, remaining relatively stable (down 1% YoY), while Telecommunications ranked third with 2,728 attacks per week, up 3% YoY.

NEWSLETTER TABLE TALK

Never miss a story.
Subscribe now.

The most important news & topics every week in your inbox.

Seasonal sectors such as Tourism, Hotels, and Leisure also saw heightened activity, as organizations ramp up operations ahead of the summer period, expanding their digital footprint through more transactions, third-party partnerships, and faster operational cycles.

Greece Under Steady Pressure

Geographically, Latin America remains the most targeted region globally, with 3,364 attacks per week per organization and a 20% YoY increase. The APAC region followed with 3,213 attacks (up 4% YoY), while Africa recorded 2,940 despite a 9% YoY decline.

Europe averaged 1,848 weekly attacks per organization (up 9% YoY), while North America saw 1,499 (up 0.4% YoY).

In Greece specifically, organizations faced an average of 1,591 cyberattacks per week, a 4% increase year-over-year, confirming that the country is tracking the broader European and global upward trend in cyber threats and underscoring the need to strengthen prevention and defense strategies.

GenAI Amplifies Data Leak Risk

Despite fluctuations in attack volume, the GenAI-related risk remained high in April as well. According to Check Point Research, 1 in 28 corporate prompts submitted to GenAI tools carries a high risk of exposing sensitive data, affecting 90% of organizations that use such tools systematically.

Companies used an average of 10 different GenAI tools, with the average user generating 77 prompts per month, underscoring that GenAI is being woven into daily workflows faster than security and governance mechanisms can keep up.

Ransomware on the Rise

Ransomware remained one of the most disruptive threats in April, with 707 publicly reported incidents, up 5% month-over-month and 12% YoY. Business Services was once again the hardest-hit sector, accounting for 33.8% of incidents, followed by Consumer Goods and Services (14.4%) and Manufacturing (9.9%), where operational downtime and data exposure translate directly into financial losses.

North America absorbed 46% of all ransomware attacks, followed by Europe (27%) and APAC (17%), confirming the persistent targeting of high-value markets. Activity remains heavily concentrated among a small number of groups, even as the ransomware ecosystem continues to expand, keeping consistent pressure on all industries.

A Concentrated but Growing Threat Landscape

Ransomware activity in April was driven by a limited number of highly prolific groups. Qilin was responsible for 15% of published attacks, followed by The Gentlemen (10%) and DragonForce (9%), with the three groups combined accounting for 34% of all incidents.

At the same time, the ransomware ecosystem continues to broaden, with 56 distinct groups carrying out cyberattacks globally within the month. The combination of dominant players and a growing number of smaller actors reflects a resilient and continuously evolving ransomware-as-a-service model that maintains steady pressure across all sectors.