- European companies are increasingly being targeted by ransomware
- High income and strict regulations make them a lucrative target, says Crowdstrike
- Geopolitics also plays a role in the increase in violations.
European companies are increasingly becoming targets of attacks ransomware and extortion, new research Crowdstrike states that the region now accounts for nearly 22% of global ransomware victims, second only to North America.
Since 2024, more than 2,100 victims have been posted on ransomware leak sites across the continent, making European firms twice as likely to be targeted as those in the Asia-Pacific region, and the perception that wealthier companies can pay higher ransoms makes them attractive targets.
strict GDPR rules and the steep fines imposed for violations have created the impression that European companies are more likely to be held to ransom, with lucrative industries such as manufacturing, professional services and technology most often targeted.
Evolving threats
No matter what part of the world you are in, ransom attack tactics and methods usually remain fairly similar. Credentials are flushed from backups, files are remotely encrypted, access to unmanaged systems is used to steal data and deploy ransomware, and Linux ransomware is deployed on VMware EsXI infrastructure.
While this is a common pattern, criminals are executing it faster than ever, with attackers averaging just 35.5 hours between initial access and deployment of ransomware, meaning security teams struggle to protect themselves after an incident is discovered, even if they know what's coming.
Geopolitics plays a major role in European attacks: the war in Ukraine forces politically motivated hacktivist groups to attack supporters of each side, collect information and disrupt services.
“The cyber battlefield in Europe is more crowded and complex than ever,” said Adam Meyers, head of adversary countermeasures at CrowdStrike.
“We are witnessing a dangerous convergence of criminal innovation and geopolitical ambition, with ransomware groups leveraging enterprise-grade tools and state-backed actors exploiting global crises to disrupt, perpetuate and espionage. In this high-stakes environment, intelligence-led defense, powered by artificial intelligence and driven by human expertise, is the only combination designed to thwart cyber threats.”
The best identity theft protection for any budget
