This one cyber crime group accounted for nearly a fifth of all ransomware attacks in June

The Gentlemen, a ransomware a service operator, now accounts for 17% of published attacks

Hacker concept image showing a silhouetted person in a black hat with binary code in background.
(Image credit: Getty Images)

Global cyber attacks rose over 10% in June, according to new research from Check Point, with one particular group accounting for a growing portion.

The uptick in attacks comes in the wake of what the cybersecurity firm described as a period of “relative calm” in May.

Attack volumes increase broadly across all regions and sectors at once, the company noted, suggesting attackers are expanding activities across a wider set of targets.

“June’s data shows a broad rebound in cyber activity, not a single isolated spike,” said Mark Mitchell, security engineer at Check Point Software.

Latest Videos From

“Attackers are widening their reach across regions and industries, while ransomware groups continue to reorganize and scale."

Notably, Check Point’s analysis highlighted increased activity by The Gentlemen, a new ransomware operator on the scene. The group overtook Qilin as the most active ransomware group globally, accounting for 17% of published attacks.

LockBit activity also increased, rising from 1% of published attacks in May to 7% in June, making it the third most prevalent group.

"The rise of The Gentlemen to the top of the ransomware leaderboard is a clear reminder that new operators can rapidly become major global threats," Mitchell warned.

As ITPro previously reported, The Gentlemen have quickly grown to become one of the most aggressive ransomware groups worldwide.

Observations of the group’s activities by NTT revealed it uses advanced tooling and proxy infrastructure to accelerate attacks, often operating stealthily within compromised networks before causing havoc.

NTT researchers said the group also shows a level of technical maturity that would typically be associated with more established cyber crime groups. This could suggest it consists of highly experienced threat actors with deep ties to other groups within the cyber crime ecosystem.

Key industries in the crosshairs

Education remained the most targeted sector globally, with organizations facing an average of 4,816 weekly attacks - 16% up on June 2025.

They're a comparatively easy target, said Check Point, thanks to open campus networks, constant device turnover, and constrained security resources.

Government was the second-most targeted sector, with 2,836 weekly attacks, up 5% year on year, while telecommunications ranked third with 2,835 weekly attacks, a 13% increase.

Latin America attacks ramp up

Attacks against organizations in Latin America are ramping up significantly, according to Check Point.

Organizations across the region are now contending with an average of 3,501 weekly attacks, a 27% rise since June 2025.

APAC followed at 3,060 weekly attacks, up 5%, while Africa was third with 3,008 attacks per week, although this was down 9% year on year.

Europe and North America also saw sharp increases, at 22% and 14% respectively.

AI is creating new risks

Generative AI continues to cause problems, with one in every 26 prompts submitted from enterprise networks carrying a high risk of sensitive data leakage, making for a global exposure rate of 3.9%.

High-risk prompt activity affected 85% of organizations that regularly use generative AI tools, while a further 27% of prompts contained potentially sensitive information.

This issue was most prevalent in Latin America, where 5.2% of prompts carried a high risk of sensitive data leakage, while Europe matched the global average at 3.9%.

In terms of broader AI-related risks, healthcare and medical carried the highest exposure at 5.7%, followed by telecommunications and business services at 5.1% each, and IT at 4.1%.

Personal data was accessed at 80% of affected organizations, with network and infrastructure details, legal and regulatory material, financial data, and employee records also widely exposed.

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

Emma Woollacott

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.