Sweden
SERansomware victim intelligence profile · Ranked #21 globally · Updated: May 28, 2026
Ransomware Threat Profile: Sweden
Sweden ranks #21 globally for ransomware attacks, with 109 confirmed victims in this database — representing 0.6% of the worldwide total. The most active ransomware groups targeting Sweden include Qilin, Akira, Play.
The most frequently targeted industries in Sweden are Manufacturing, Business Services, Technology. The healthcare sector is particularly vulnerable because attacks on hospitals and medical providers can create life-threatening situations, increasing pressure to pay ransoms quickly.
Sweden's attack volume reflects broader trends in ransomware targeting: the volume of attacks reflects the country's integration into the global economy and the proliferation of ransomware operations that target organisations of all sizes worldwide.
Organisations in Sweden should consider the active threat groups documented here when assessing their cybersecurity posture, implementing detection rules, and prioritising incident response planning.
Recent Victims in Sweden (20 cached of 109 total)
| # | Organization | Group | Sector | Date |
|---|---|---|---|---|
| 1 | Pamil Modulsystem | Dragonforce | Manufacturing | May 13, 2026 |
| 2 | Forsheda Stlverktyg | Thegentlemen | Manufacturing | May 6, 2026 |
| 3 | dahlgrenscement.se | Safepay | Manufacturing | May 4, 2026 |
| 4 | Promotion AB | Dragonforce | Business Services | Apr 27, 2026 |
| 5 | Cahbo Produkter | Qilin | Agriculture and Food Production | Apr 25, 2026 |
| 6 | Dorotea Sweden | Incransom | Consumer Services | Apr 24, 2026 |
| 7 | Avitrans | Qilin | Transportation/Logistics | Apr 21, 2026 |
| 8 | Friktimporten Stockholm | Thegentlemen | Consumer Services | Apr 19, 2026 |
| 9 | WEDA ROBOTICS | Lamashtu | Manufacturing | Apr 14, 2026 |
| 10 | Brokk | Play | Manufacturing | Mar 30, 2026 |
| 11 | SATS Sports Club Sweden | Thegentlemen | Hospitality and Tourism | Mar 22, 2026 |
| 12 | Biogel | Qilin | Manufacturing | Mar 16, 2026 |
| 13 | ATG - New samples added | Coinbasecartel | — | Mar 15, 2026 |
| 14 | Bigso | Dragonforce | Consumer Services | Feb 15, 2026 |
| 15 | Hafa | Thegentlemen | Manufacturing | Feb 6, 2026 |
| 16 | Elabs | Rhysida | Technology | Feb 2, 2026 |
| 17 | Hermes Medical Solutions | Termite | Healthcare | Dec 25, 2025 |
| 18 | Hr Björkmans Entrémattor | Qilin | Business Services | Dec 17, 2025 |
| 19 | ATG | Coinbasecartel | Consumer Services | Dec 12, 2025 |
| 20 | www.enea.com | Incransom | Technology | Dec 1, 2025 |
Frequently Asked Questions
How many ransomware attacks have occurred in Sweden?
Sweden has recorded 109 ransomware victim disclosures in this database, ranking #21 globally. This represents 0.6% of all tracked ransomware attacks worldwide.
Which ransomware groups target Sweden?
The ransomware groups most active in Sweden are Qilin, Akira, Play, 8base. These groups collectively account for the majority of victim disclosures attributed to Sweden.
Which industries are most targeted by ransomware in Sweden?
In Sweden, the most frequently targeted sectors are Manufacturing, Business Services, Technology. These industries hold valuable data and often have critical operational requirements that make them attractive ransomware targets.
How does Sweden rank globally for ransomware attacks?
Sweden ranks #21 globally for ransomware attacks with 109 victim disclosures, representing 0.6% of the worldwide total of 18,180 tracked victims.
How can organisations in Sweden protect against ransomware?
Organisations in Sweden should implement a layered security approach including regular offline backups, network segmentation, multi-factor authentication, endpoint detection and response (EDR) tools, and employee security awareness training. Monitoring threat intelligence feeds for active groups targeting Sweden is also recommended.