European organizations face an escalating cyber threat landscape as attackers leverage geopolitical tensions and AI-enhanced social engineering for attacks.
November 4, 2025

As ransomware groups continue to operate faster than ever, European organizations are facing an increasingly large portion of attacks, accounting for nearly 22% of global ransomware and extortion victims.

This is according to the latest study from CrowdStrike, which shows that the UK, Germany, France, Italy, and Spain were among the most targeted nations in the region. The cybersecurity vendor found that dedicated leak site (DLS) entries naming Europe-based organizations jumped nearly 13% year over year, with adversary groups like Scattered Spider reducing their time to deployment to just 24 hours.

In CrowdStrike's "2025 European Threat Landscape Report," researchers found that the most targeted sectors were manufacturing, professional services, technology, industrial and engineering, and retail.
Akira, LockBit, RansomHub, INC, Lynx, and Sinobi have been some of the most successful ransomware groups since January 2024, particularly for this region. Big-game hunting (BGH) attacks, which involve threat actors aiming their sights toward larger companies, have persisted in this area as well.

Europe remains a primary target for e-crime adversaries because of the region's legal framework, political motivations of threat actors, and profitability of European entities, according to the report.

Russia's invasion of Ukraine in 2022 also plays a role in the continent's cyber woes, as does the Israel-Hamas conflict, both of which are drivers of distributed denial-of-service (DDoS) attacks, hack-and-leak campaigns, and website defacements.

Vishing calls are expected to become a prominent tactic for threat actors moving forward, according to CrowdStrike. Vishing involves an adversary calling a victim and encouraging them to provide their credentials or sensitive material. With the rise of AI, vishing is becoming even more of a threat, as it can convince victims that the person on the other end of the line is someone they personally know.

Though some threat actors have expressed their preference for North America-based targets, the researchers believe with moderate confidence that vishing will become a more significant threat to Europe-based entities.

Other tactics that will likely hold onto their popularity are fake CAPTCHA lures (otherwise known as ClickFix), malware-as-a-service (MaaS), violence-as-a-service, and physical cryptocurrency theft. The latter two involve physical attacks and kidnappings and have increased since 2024.
CrowdStrike noted that cybercriminals connected to "The Com," a community of young, English-speaking hackers, and the Russia-affiliated group Renaissance Spider have coordinated physical attacks, kidnapping, and even arson through Telegram-based networks.

According to the researchers, there have been 17 of these kinds of attacks since January 2024, most of which occurred in France, including the kidnapping of the co-founder of cryptocurrency wallet vendor Ledger in January 2025.

The CrowdStrike report offers several mitigation recommendations for European organizations as they face this onslaught of attacks, including adopting agentic AI to scale security operations, securing the entire identity ecosystem, eliminating cross-domain visibility gaps, and defending the cloud as core infrastructure.

Kristina Beek, Associate Editor, Dark Reading