ctipilot.ch

Home · Live brief · Weekly 2026-W20

Qilin / Agenda RaaS — April 2026 lead at 15% of global ransomware activity, Germany 5% of global victims

notable synthesis discovered 2026-05-11 05:00 UTC single-source

Entities: Qilin / Agenda Check Point

Part of run 2026-W20-71c96b25 (weekly · Claude Opus 4.7)

W19 long-running record (item:qilin-agenda-raas-die-linke-confirms-q2-2026-german-activity) tracked Qilin's continued German activity. W20 status: Check Point's April 2026 report confirms Qilin leads all RaaS operators at 15% of 707 published attacks in April; Germany's share at 5% of global ransomware victims is the elevated-DACH-exposure data point (Qilin DLS German-victim count cited by W1 horizon research as approximately 65 as of 2026-05-16 — uncorroborated leak-site enumeration that should be treated as a lower bound); Die Linke (German political party) confirmed Qilin compromise in March 2026 (W19 carry-over); no new Swiss-specific victim named in window (Check Point Research).

ransomware organized-crime europe dach