Ransomware attacks are hitting Europe at a record rate, fueled by underground marketplaces commoditizing services like Malware as a Service, initial access brokerage, and phishing toolkits.
Figures from CrowdStrike’s 2025 European Threat Landscape Report show European organizations have accounted for nearly 22% of ransomware and extortion attacks across 2025 so far.
This means European firms rank second only to North American counterparts, and are more than twice as likely to be targeted than organizations based in the APAC region.
CrowdStrike noted that attackers are getting faster, with groups like Scattered Spider upping the speed of ransomware deployment by 48%, and the average attack now taking just 24 hours.
Crucially, state-sponsored groups from Russia, China, North Korea, and Iran have expanded their regional targeting across a number of industries.
"These campaigns range from targeted intrusions for traditional espionage — aimed at obtaining geopolitical and operational insight or facilitating intellectual property theft — to opportunistic intrusions for financial gain," researchers said.
Russia is targeting Ukraine with credential phishing, intelligence collection, and destructive operations targeting government, military, energy, telecoms, and utilities sectors.
North Korea has upped its targeting of European defense, diplomatic, and financial institutions, combining espionage with cryptocurrency theft to advance strategic interests.
Meanwhile, Chinese state-sponsored adversaries are targeting industries in 11 countries, exploiting cloud infrastructure and software supply chains to steal intellectual property.
Persistent campaigns have focused on healthcare and biotechnology, with Vixen Panda emerging as the most widespread threat to European government and defense entities.
"The cyber battlefield in Europe is more crowded and complex than ever,” said Adam Meyers, head of counter adversary operations at CrowdStrike.
“We’re seeing a dangerous convergence of criminal innovation and geopolitical ambition, with ransomware crews using enterprise-grade tools and state-backed actors exploiting global crises to disrupt, persist, and conduct espionage."
The cyber crime ecosystem is evolving
There's also been a rapid evolution of underground ecosystems, which is fueling a wave of sophisticated attacks.
English- and Russian-language forums – including BreachForums – remain central to Europe’s eCrime ecosystem, enabling the exchange of stolen data, malware, and criminal services.
Meanwhile, platforms like Telegram, Tox, and Jabber are making it easier for threat actors to collaborate, recruit, and monetize their activities.
"Global conflicts will likely continue to motivate hacktivist activity against European entities over the next 12 months. To maximize their public impact, some hacktivist groups will likely claim to target critical OT, including ICSs and SCADA systems, across Europe and globally," researchers warned.
"As international law enforcement agencies intensify their operations against cybercrime, hacktivists will likely respond via retaliatory campaigns, tactical shifts, and coordinated social media activity.”
Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.
MORE FROM ITPRO
-
Entry-level hiring is slowing down at an alarming rateNews A new report shows employers are cutting back on entry-level hiring, but expect things to improve eventually
-
Lenovo Yoga 9i 2-in-1 Gen 10 Aura Edition reviewReviews A superb laptop for creative pros with awesome stamina and a fantastic screen
