CrowdStrike: Why Europe is Second Biggest Ransomware Target

CrowdStrike’s 2025 European Threat Landscape Report reveals that Europe has become the second largest global target for ransomware and cyber extortion, accounting for nearly 22% of victims worldwide. 

Ransomware operations now deploy attacks 48% faster than before, shrinking the average attack timeline to just 24 hours. 

Countries including the UK, Germany, France, Italy and Spain face the brunt of these assaults, CrowdStrike says, with sophisticated threat actors employing file encryption and data theft as their primary tactics.

“The CrowdStrike 2025 European Threat Landscape Report provides key insights into observed cyber activity and related geopolitical developments across the region,” the report’s executive summary begins. “It summarises the nation-state, eCrime and hacktivism threats impacting Europe to inform public and private sector stakeholders.”

What is fuelling rapid attack growth across Europe?

The report highlights how underground marketplaces continue to commoditise malicious services such as Malware-as-a-Service, initial access brokerage and phishing toolkits, significantly lowering the barrier to entry for cybercriminal groups. 

English- and Russian-language forums, notably BreachForums, continue to act as pivotal hubs enabling stolen data trades, malware sharing and the coordination of criminal activities.

As well as this, messaging platforms like Telegram amplify collaboration and recruitment among threat actors. This also extends cybercrime into the domain of physical violence linked to cryptocurrency theft.

CrowdStrike’s frontline intelligence paints a worrying picture of geopolitical cyber aggression from Russia, China, North Korea and Iran, collectively referred to as the ‘Big Four’.

Russian-linked groups have intensified cyber espionage and destructive campaigns, especially against Ukrainian targets but also across European government, military, energy and telecom sectors. 

North Korean adversaries are known for blending espionage with cryptocurrency theft, focusing on European defence, diplomatic and financial institutions. 

Chinese state-sponsored campaigns often exploit cloud infrastructures and software supply chains in sectors such as healthcare and biotechnology, with the VIXEN PANDA group a notorious, persistent threat. 

Iran-linked actors are well-versed in conducting phishing, hack-and-leak and DDoS campaigns targeting Western European nations, often disguising state espionage as hacktivism.

“The cyber battlefield in Europe is more crowded and complex than ever,” says Adam Meyers, Head of Counter Adversary Operations at CrowdStrike. 

“We’re seeing a dangerous convergence of criminal innovation and geopolitical ambition, with ransomware crews using enterprise-grade tools and state-backed actors exploiting global crises to disrupt, persist and conduct espionage. 

“In this high-stakes environment, intelligence-led defence powered by AI and guided by human expertise is the only combination designed to stop cyber threats.”

Is hybrid cyber-physical crime a growing trend?

A novel and alarming development that CrowdStrike’s report emphasises is the emergence of Violence-as-a-Service in Europe. 

Cybercriminal groups are increasingly coordinating physical attacks, kidnappings and sabotage through Telegram-based networks, intertwining digital and real-world crimes.

Hybrid adversaries like those connected to ‘The Com’ ecosystem and the RENAISSANCE SPIDER group offer paid services for acts including arson and targeted violence, bridging the gap between cybercrime and physical threats in a dangerous marriage of tactics.

On identifying this growing trend, CrowdStrike advises European organisations to leverage the insights and mitigation strategies outlined in its report to stay ahead of sophisticated adversaries in a rapidly shifting cyber ecosystem – from deploying AI-enhanced threat detection to investing in intelligence-driven security postures that integrate cutting-edge technology with expert human analysis to counter the speed and complexity of modern attacks.

The report’s executive summary concludes: “As Europe's cyber threat landscape continues to evolve, organisations must stay vigilant against a diverse array of adversaries, from cybercriminal groups to state-backed threat actors and hacktivists. 

“With intelligence-driven security strategies, regional stakeholders can strengthen their defences, mitigate risks and stay ahead of emerging threats in an increasingly complex threat landscape.”