Home · Briefs · CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026)
Qilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims
From CTI Weekly Summary — 2026-W20 (May 11 – May 17, 2026) · published 2026-05-17
W19 long-running record (item:qilin-agenda-raas-die-linke-confirms-q2-2026-german-activity) tracked Qilin's continued German activity. W20 status: Check Point's April 2026 report confirms Qilin leads all RaaS operators at 15% of 707 published attacks in April; Germany's share at 5% of global ransomware victims is the elevated-DACH-exposure data point (Qilin DLS German-victim count cited by W1 horizon research as approximately 65 as of 2026-05-16 — uncorroborated leak-site enumeration that should be treated as a lower bound); Die Linke (German political party) confirmed Qilin compromise in March 2026 (W19 carry-over); no new Swiss-specific victim named in window (Check Point Research).