Turkey
TRRansomware victim intelligence profile · Ranked #23 globally · Updated: Apr 4, 2026
Ransomware Threat Profile: Turkey
Turkey ranks #23 globally for ransomware attacks, with 86 confirmed victims in this database — representing 0.5% of the worldwide total. The most active ransomware groups targeting Turkey include Qilin, Nightspire, Thegentlemen.
The most frequently targeted industries in Turkey are Manufacturing, Technology, Healthcare. The healthcare sector is particularly vulnerable because attacks on hospitals and medical providers can create life-threatening situations, increasing pressure to pay ransoms quickly.
Turkey's attack volume reflects broader trends in ransomware targeting: the volume of attacks reflects the country's integration into the global economy and the proliferation of ransomware operations that target organisations of all sizes worldwide.
Organisations in Turkey should consider the active threat groups documented here when assessing their cybersecurity posture, implementing detection rules, and prioritising incident response planning.
Recent Victims in Turkey (20 cached of 86 total)
| # | Organization | Group | Sector | Date |
|---|---|---|---|---|
| 1 | PARS AR-GE | Nightspire | — | Apr 3, 2026 |
| 2 | TTAF Defense | Nightspire | Public Sector | Apr 3, 2026 |
| 3 | Teknopres_TR | Incransom | — | Mar 10, 2026 |
| 4 | Tenteks Tente | Dragonforce | Manufacturing | Mar 4, 2026 |
| 5 | Öztekin Group | Dragonforce | — | Mar 4, 2026 |
| 6 | AKOL LAW | Nightspire | — | Mar 4, 2026 |
| 7 | Akkök Holding | Qilin | Manufacturing | Mar 2, 2026 |
| 8 | Zabun | Thegentlemen | — | Feb 26, 2026 |
| 9 | Betesan | Dragonforce | — | Feb 13, 2026 |
| 10 | A1 Capital | Dragonforce | — | Feb 12, 2026 |
| 11 | Erg Otoyol | Thegentlemen | — | Feb 11, 2026 |
| 12 | Ankara-İzmir | Thegentlemen | — | Feb 6, 2026 |
| 13 | Kopas Cosmetics | Qilin | Consumer Services | Feb 4, 2026 |
| 14 | KAZMILAW.COM | Clop | — | Jan 25, 2026 |
| 15 | Şemsioğlu Uşak Ev Tarhanası | Qilin | Agriculture and Food Production | Jan 25, 2026 |
| 16 | [Redacted] #1930 | Thegentlemen | — | Jan 20, 2026 |
| 17 | GSM PORTAL TEKNOLOJÄ° HÄ°ZMETLERÄ° TÄ°C. LTD. ÅžTÄ° | Tengu | Technology | Jan 18, 2026 |
| 18 | Pos BiliÅŸim Teknolojileri | Thegentlemen | Technology | Jan 11, 2026 |
| 19 | Dekoyap | Thegentlemen | — | Jan 11, 2026 |
| 20 | Sönmezler Metal | Qilin | Manufacturing | Jan 4, 2026 |
Frequently Asked Questions
How many ransomware attacks have occurred in Turkey?
Turkey has recorded 86 ransomware victim disclosures in this database, ranking #23 globally. This represents 0.5% of all tracked ransomware attacks worldwide.
Which ransomware groups target Turkey?
The ransomware groups most active in Turkey are Qilin, Nightspire, Thegentlemen, Lockbit5. These groups collectively account for the majority of victim disclosures attributed to Turkey.
Which industries are most targeted by ransomware in Turkey?
In Turkey, the most frequently targeted sectors are Manufacturing, Technology, Healthcare. These industries hold valuable data and often have critical operational requirements that make them attractive ransomware targets.
How does Turkey rank globally for ransomware attacks?
Turkey ranks #23 globally for ransomware attacks with 86 victim disclosures, representing 0.5% of the worldwide total of 16,710 tracked victims.
How can organisations in Turkey protect against ransomware?
Organisations in Turkey should implement a layered security approach including regular offline backups, network segmentation, multi-factor authentication, endpoint detection and response (EDR) tools, and employee security awareness training. Monitoring threat intelligence feeds for active groups targeting Turkey is also recommended.