
Pentera Adds Granular Testing of Ransomware Families Qilin, Play, and BlackCat to Prevent Breaches
The three groups rank among the most evasion-capable ransomware operations active today, using techniques designed to evade the controls and detection tools most organizations rely on
BOSTON, July 15, 2026 /PRNewswire/ -- Pentera, the Exposure Validation Company, has expanded its ransomware testing capabilities, enabling organizations to run real attack scenarios based on some of the most dangerous ransomware operations in use today. Ransomware remains the primary driver of cybercrime, present in 48% of all breaches (Verizon 2026 DBIR), with leading groups increasingly difficult to detect as they sidestep traditional security controls.
Qilin, Play, and BlackCat evade detection by blending into legitimate system tools, disabling security controls at the kernel level, and compromising trusted IT vendors to reach multiple victims through a single breach. With Pentera, security teams can validate against each group's specific attack chain, from initial access through encryption.
"Stopping one ransomware family doesn't mean you can stop the next," said Amitai Ratzon, CEO of Pentera. "The groups making headlines today are built to evade the tools defending you. Even when your controls pass a compliance audit, do they hold up against how attackers actually operate? That's what Pentera answers, continuously, in your own environment."
- Qilin — Climbed from ninth place in 2024 to the world's most active ransomware group in 2025, claiming almost a thousand victims, and opened 2026 still in front with 342 in Q1 alone. Its cross-platform encryption and kernel-level evasion are built to bypass endpoint defenses, leaving teams unable to confirm whether their controls can actually stop execution.
- Play — Tripled its victim count in about 18 months, to 900 by May 2025, and it is still climbing, with Q1 2026 attacks up 64% over the prior quarter. It recompiles its payload for every target, so no two attacks share a signature, forcing teams to prove their defenses can catch what they have never seen before.
- BlackCat (ALPHV) — Responsible for over 1,000 breaches and nearly $300M in ransom payments across healthcare, finance, and critical infrastructure. Though law enforcement disrupted its infrastructure in 2024, its codebase and affiliate network resurfaced under successor operations, keeping it an active threat in everything but name.
This expansion builds on Pentera's ever-growing library of ransomware and attack scenarios across internal, external, and cloud environments, giving security teams a continuous view of their exposure and how to reduce risk. Every new ransomware scenario is available to Pentera customers as part of their existing subscription, at no additional cost. Validated findings move directly into Pentera Resolve to prioritize, assign, and confirm remediation without manual handoff. With Pentera, teams measure ransomware readiness over time, close the gaps that matter most, and translate results into clear executive reporting on resilience.
About Pentera:
Pentera is the market leader in AI-powered Security Validation, equipping enterprises with the platform to proactively test all their cybersecurity controls against the latest cyber attacks. Pentera identifies true risk across the entire attack surface and automatically orchestrates remediation workflows to effectively reduce exposure. The company's security validation capabilities are essential for Continuous Threat Exposure Management (CTEM) operations. Thousands of security professionals around the world trust Pentera to close security gaps before threat actors can exploit them.
For more information, visit: pentera.io
SOURCE Pentera
Share this article