Philippines
PHRansomware victim intelligence profile ยท Ranked #40 globally ยท Updated: Jun 10, 2026
Ransomware Threat Profile: Philippines
Philippines ranks #40 globally for ransomware attacks, with 53 confirmed victims in this database โ representing 0.3% of the worldwide total. The most active ransomware groups targeting Philippines include Qilin, Thegentlemen, Payload.
The most frequently targeted industries in Philippines are Business Services, Consumer Services, Transportation/Logistics. The healthcare sector is particularly vulnerable because attacks on hospitals and medical providers can create life-threatening situations, increasing pressure to pay ransoms quickly.
Philippines's attack volume reflects broader trends in ransomware targeting: the volume of attacks reflects the country's integration into the global economy and the proliferation of ransomware operations that target organisations of all sizes worldwide.
Organisations in Philippines should consider the active threat groups documented here when assessing their cybersecurity posture, implementing detection rules, and prioritising incident response planning.
Recent Victims in Philippines (20 cached of 53 total)
| # | Organization | Group | Sector | Date |
|---|---|---|---|---|
| 1 | case.law | Black x | Business Services | Jun 2, 2026 |
| 2 | Panorama BPO | Dragonforce | Business Services | Jun 1, 2026 |
| 3 | Don Bosco Technical Institute of Makati | Nova | Education | May 17, 2026 |
| 4 | B.Care Medical Center | Qilin | Healthcare | May 15, 2026 |
| 5 | Startec Group of Companies | Aurora | Business Services | May 12, 2026 |
| 6 | Philex Mining | Qilin | Energy | Apr 30, 2026 |
| 7 | pricon.com.ph | Lockbit5 | Business Services | Apr 29, 2026 |
| 8 | dpwh.gov.ph | Apt73 | Public Sector | Apr 27, 2026 |
| 9 | Woodfields Consultants | Qilin | Business Services | Apr 25, 2026 |
| 10 | Sunlight Express Airways | Payload | Transportation/Logistics | Apr 16, 2026 |
| 11 | Kawasaki Motors Philippines Corporation | Auditteam | Manufacturing | Apr 8, 2026 |
| 12 | Alliance Select Foods International | Dragonforce | Agriculture and Food Production | Mar 29, 2026 |
| 13 | PTT Philippines | Thegentlemen | Energy | Mar 22, 2026 |
| 14 | TS Lines Philippines | Payload | Transportation/Logistics | Mar 20, 2026 |
| 15 | Lucky Innovative Manufacturing Corporation | Payload | Manufacturing | Mar 19, 2026 |
| 16 | United Limsun International Trading | Payload | Consumer Services | Mar 14, 2026 |
| 17 | White Beach Hotel | Thegentlemen | Hospitality and Tourism | Feb 13, 2026 |
| 18 | Philippine Savings Bank (Metrobank Group) | Qilin | Financial Services | Jan 28, 2026 |
| 19 | lenotech.com.ph | Tengu | Technology | Jan 27, 2026 |
| 20 | DTI Foreign Trade Service Corps | Thegentlemen | Business Services | Jan 11, 2026 |
Frequently Asked Questions
How many ransomware attacks have occurred in Philippines?
Philippines has recorded 53 ransomware victim disclosures in this database, ranking #40 globally. This represents 0.3% of all tracked ransomware attacks worldwide.
Which ransomware groups target Philippines?
The ransomware groups most active in Philippines are Qilin, Thegentlemen, Payload, Ransomhub. These groups collectively account for the majority of victim disclosures attributed to Philippines.
Which industries are most targeted by ransomware in Philippines?
In Philippines, the most frequently targeted sectors are Business Services, Consumer Services, Transportation/Logistics. These industries hold valuable data and often have critical operational requirements that make them attractive ransomware targets.
How does Philippines rank globally for ransomware attacks?
Philippines ranks #40 globally for ransomware attacks with 53 victim disclosures, representing 0.3% of the worldwide total of 18,430 tracked victims.
How can organisations in Philippines protect against ransomware?
Organisations in Philippines should implement a layered security approach including regular offline backups, network segmentation, multi-factor authentication, endpoint detection and response (EDR) tools, and employee security awareness training. Monitoring threat intelligence feeds for active groups targeting Philippines is also recommended.