Thousands fall victim to ransomware as European attacks reach record highs - here's why they're so at risk

• European companies are being targeted more and more by ransomware attacks
• High income and strict regulations make them lucrative targets, Crowdstrike finds
• Geopolitics also plays a role in the increased number of breaches

European companies are increasingly the targets of ransomware and extortion, new research from CrowdStrike has claimed, with the region now accounting for almost 22% of global ransomware victims, second only behind North America.

Since 2024, over 2,100 victims have been posted on extortion leak sites across the continent - making European firms twice as likely to be targeted than those in the Asia Pacific, and the view that richer companies can pay higher ransoms makes them attractive targets.

The strict GDPR regulations and heavy penalties that come with violations have created the perception that European companies are more likely to pay ransom demands, with lucrative industries like manufacturing, professional service, and technology most commonly targeted.

Save up to 68% on identity theft protection for TechRadar readers!

TechRadar editors praise Aura's upfront pricing and simplicity. Aura also includes a password manager, VPN, and antivirus to make its security solution an even more compelling deal.

Preferred partner (What does this mean?)

View Deal

Evolving threats

No matter where in the world you are, the ransom attack tactics and techniques usually stay pretty similar. Credentials are dumped from backups, files are remotely encrypted, access is leveraged to unmanaged systems in order to steal data and deploy the ransomware, and Linux ransomware on VMware EsXI infrastructure is deployed.

Although it's a common playbook, it’s quicker than ever for criminals to execute this, with adversaries averaging just 35.5 hours between initial access and ransomware deployment - meaning security teams are scrambling to protect themselves after they detect an incident, even if they know what's coming.

Geopolitics plays an important role in European attacks, with the war in Ukraine driving politically motivated hacktivist groups to target supporters on each side, collecting information and disabling services.

“The cyber battlefield in Europe is more crowded and complex than ever,” said Adam Meyers, head of Counter Adversary Operations at CrowdStrike.

“We’re seeing a dangerous convergence of criminal innovation and geopolitical ambition, with ransomware crews using enterprise-grade tools and state-backed actors exploiting global crises to disrupt, persist, and conduct espionage. In this high-stakes environment, intelligence-led defense powered by AI and guided by human expertise is the only combination designed to stop cyber threats.”

The best ID theft protection for all budgets

➡️ Read our full guide to the best identity theft protection
1. Best overall:
Aura
2. Best for families:
IdentityForce
3. Best for credit beginners:
Experian IdentityWorks