In Europe, cybersecurity specialists are noticing a big increase in ransomware and extortion attacks, which are escalating rapidly like never before, with little incentive for hackers to stop being satisfied with the ransom already received. Two reports, one from CrowdStrike and the other from Dark Reading, describes a scenario in which Europe is experiencing attacks from increasingly sophisticated criminal groups. This bringing on a new wave of attacks.
Dark Reading reports that they no longer do ransomware attacks
In the past year, Dark Reading reports that they no longer do ransomware attacks, but attacks involving extortion, which is a more sophisticated level of attack comprising data theft, encryption, and leaks of the victim’s data, demanding that ransoms be paid.
Victims are left with little choice in this โtriple extortionโ environment, which becomes the norm.
Fearing ransom payments to be paid, attackers see the outages and crashes of healthcare and critical infrastructure sectors such as a situation to pay extortion ransoms.
Dark reading stated that critical sectors like healthcare and finance are being hit hardest because those industries can be catastrophic.
Attacks in the sector of finance and healthcare also lead to quick ransom payments, which pay for further improvements to the attack tools.
Governments are offering stricter regulations, which, along with new collaboration with companies in the private sector, will create a much better security strategy. Business crime is a problem of systems and weak response systems. Fine regulations will give the business no crime, passing the crime down to a weak business system.
CrowdStrike: Record pace and organized crime
The CrowdStrike 2025 European Threat Landscape Report and other reports are confirming the fears of many that ransomware is spreading in Europe with unprecedented rapidity.
Organized criminal groups collaborate in attacks of a metered business-like rationality, such as tool sharing, and division of attack labour and outsourced attack modules to create the attacks to bypass the security of the victim organization.
CrowdStrike notes the emergence of “initial access brokers.” These brokers infiltrate corporate networks and later sell their access to ransomware criminals. This “marketplace” trend provides little to no resources for attackers to spend to acquire access, and makes detection and stopping an attack easier.
Europe is vulnerable, but why is Europe being targeted more than the rest of the world?
Both reports analyzed cite a combination of disparate European regulations and the rapid digital transformation of the world. The disparate European regulations lead to very different and weak security protocols that attackers can exploit.
Criminals are exploiting the weaknesses created by the rapid digital transformation due to remote work and the cloud. These criminals are deploying phishing, credential theft, and supply chain attacks. Cyber attacks have serious repercussions for the targeted business. In addition to ransom payments, the downtime for a business may lead to lost data, lost revenue, fines, and lasting reputation damage. Some businesses, like hospitals and energy providers, may even affect lives with their downtime.
Cybercrime is a business problem because criminals are targeting weak systems. Authorities can issue regulations, but companies will have to be the ones to implement new security systems. The steep rise in ransomware attacks in Europe isnโt just a wake-up callโitโs a clear message. The threat landscape has changedโand so organizations must adapt, or risk becoming the next headline.
Dark Reading and CrowdStrike have one thing in common: ransomware is here to stay. To add to the problem, threat actors are automating their ransomware attacks and using AI to streamline their operationsโand thatโs bad news for businesses. Cybersecurity is no longer an afterthought. Itโs a critical component for the survival of a business.
