Skip to main content

Attacks on VPNs Help Drive Ransomware Activity to New Highs

By Corvus Threat Intel & Risk Advisory
1 minute
Last Updated May 29, 2026

Key takeaways

  • Increase in ransomware activity: 2,453 victims were posted to leak sites in Q4, making it the highest quarter on record and representing a 48% increase over Q3.
  • Qilin dominates the threat landscape: With 551 victims in Q4, Qilin accounted for 22% of all ransomware attacks and more than doubled its Q3 activity following aggressive affiliate recruitment.
  • Attacks on VPNs continued: For the second quarter in a row, the major tactical story was attacks on VPN technology, particularly a category known as Secure Sockets Layer (SSL) VPN.

Resource Center

Q4 '25 Travelers Cyber Threat Report: Attacks on VPNs Drive Ransomware

Q4 2025 saw an unprecedented rise in ransomware attacks, with Qilin leading the charge and VPNs being a prime target for cybercriminals

Resource Center

Q3 '25 Travelers Cyber Threat Report: Ransomware Rises Again

Ransomware resurges in Q3 2025 with coordinated VPN attacks and rising AI threats. Learn more in our latest Cyber Threat Report.

Resource Center

Q2 ‘25 Travelers Cyber Threat Report: How BEC Drives Cyber Claims

Ransomware declines in Q2 2025, but BEC and social engineering fraud remain significant challenges for businesses. Learn more in our latest report.