Markus Fritz DACH General Manager Acronis
According to the Acronis Cyberthreats Update for June 2026, malware detections declined slightly in May. At the same time, blocked URL attacks increased, and ransomware groups such as Qilin remained highly active.

In May 2026, malware was detected on 6.2 percent of users tracked by Acronis, a decrease of 0.6 percentage points compared with April, when the figure stood at 6.8 percent. At the same time, the number of blocked URL attacks rose by nearly 1.2 percent month over month. According to Acronis, the decline in malware detections does not amount to a broader easing of the global threat landscape, since several other indicators remained elevated or edged up slightly in May. In addition, more than 770 data breaches were publicly reported in May, down from 789 in April.

The figures come from the monthly Acronis Cyberthreats Update, which summarizes current threat metrics along with assessments from the Acronis Threat Research Unit (TRU). The report analyzes detection data from the Acronis user base and places it in the context of regional and global trends. Its aim is to help businesses and individuals navigate an evolving set of security risks.

The three most frequently detected malware threats in May were the IoT botnet malware Mirai and the infostealers FormBook and AgentTesla. Mirai and AgentTesla have repeatedly ranked among the most frequently detected threats this year. Among ransomware groups, Qilin remained the most active for a second consecutive month, with 111 reported victims in May. The Gentlemen and DragonForce recorded similarly high victim counts to April, with 89 and 55 cases respectively.

Regional differences in URL attacks

In Germany, the normalized detection rate for malicious URLs fell from 11.1 percent in April to 10.7 percent in May. Other countries recorded significantly higher rates, including Singapore at 13.1 percent, Brazil at 13.0 percent and Colombia at 12.7 percent. New Zealand saw the steepest increase in malicious URL detections, up 3.3 percentage points from 9.4 to 12.7 percent, while South Korea recorded the sharpest decline, down 2.6 percentage points from 8.5 to 5.9 percent.

Among normalized malware detection rates worldwide, Palestine again topped the list at 45.5 percent, followed by Vietnam at 32.2 percent and Iraq at 27.4 percent.

Acronis assessment

Markus Fritz, General Manager DACH at Acronis, described the decline in malware detections following April’s peak as a positive development, but cautioned against reading it as evidence of a fundamental easing of the threat landscape. He said the threat level remains above where it stood at the start of the year, the number of blocked URL attacks continues to rise, and ransomware groups remain highly active. Fritz recommended that organizations adopt layered protection combining endpoint security, advanced email and URL filtering, and behavior-, AI- and ML-based detection.

Protective recommendations

In its update, Acronis outlines several measures businesses and individuals can take to protect themselves against current threats. These include using strong, unique passwords together with a password manager, and storing confidential files in encrypted cloud storage. The report also recommends automated recovery of encrypted or tampered files, along with advanced email security and URL filtering to guard against phishing and other social engineering techniques.

Further recommendations cover consistent patch management, checking signed installation files not only for valid signatures but also for embedded configuration data, and critically reviewing and restricting the use of remote access software to what is strictly necessary. Acronis additionally advises deploying a security solution that combines behavior-, AI- and ML-based detection with anti-ransomware heuristics to identify both known and previously unknown threats at an early stage.

The full Acronis Cyberthreats Update for June 2026 is available on the company’s website.

By Carolina Heyder

Carolina Heyder is a business analyst and moderator with extensive experience in the German and international IT market. She has worked for many years at renowned European trade publishers such as WEKA Fachmedien, Vogel IT Medien, Springer, and Aspencore. She creates content for both web and print media and is an expert in front of the microphone and camera. Thanks to her fluency in German, English, and Spanish, as well as her Chilean roots, she brings a global and intercultural perspective to topics such as cybersecurity, artificial intelligence, digital transformation, sustainability, and other key areas of the IT sector.

Leave a Reply

Your email address will not be published. Required fields are marked *

WordPress Cookie Notice by Real Cookie Banner