Europe is on pace for its worst year for ransomware attacks, with incidents jumping 80% in 2024 and 2025 on track to set a new record. New research highlights the sectors most at risk and the tactics behind the surge.
ATHENS, Greece, Sept. 6, 2025 /PRNewswire-PRWeb/ -- Ransomware is hitting European industry harder than ever, according to a continent-wide study by TicTac Cyber Security and Social Active. The findings are stark.
From 2023 through mid-2025, ransomware attacks have consistently focused on sectors that drive national economic activity and handle critical data. Industry, technology and healthcare remain permanently in the crosshairs of cybercrime groups. The data clearly show these sectors are repeatedly targeted as attackers deliberately choose victims where downtime is costly and recovery is difficult.
Sharp rise in attacks
Attacks have risen at an alarming pace over the past two years. In 2023, 713 incidents were recorded. In 2024, the figure jumped to 1,288 - an increase of more than 80 percent. By July 2025, 921 attacks had already been logged across the continent, with projections that the total will surpass 1,746 by year-end, setting a new record.
This is not a temporary spike, experts stress, but clear evidence that the threat is not only growing; it is rapidly evolving. Every organization, in every sector, needs to treat it with utmost seriousness.
Manufacturing remains the top target, considered by cybercriminals a very high-value prize, with its share of successful attacks rising from 26.92 percent to 28.79 percent. Technology ranks second, increasing from 10.3 percent to 11.72 percent. Attacks on healthcare surged to 8.97 percent, underscoring how attractive it has become for adversaries seeking sensitive patient data.
Retail, together with other key sectors such as hospitality and transportation, remains under constant pressure. Government and justice systems are also frequent targets because their systems hold citizens' data, and the intense public demand for rapid restoration after an incident makes them prime candidates for extortion. Energy and financial services are attacked as well, though less often, likely due to stricter security controls and regulation.
Who is behind the attacks?
The analysis points to a constantly shifting set of perpetrators targeting Europe. Some have operated for years, while others emerged recently and are expanding rapidly.
In 2023, LockBit3 was the most active ransomware group in Europe; other significant actors included Play and ALPHV, while smaller or less stable groups also contributed meaningfully.
In 2024, LockBit3 remained active but lost substantial share, likely due to law-enforcement pressure or internal changes. New names appeared - most notably RansomHub - while 8Base, Akira and BlackBasta also stood out. Activity by smaller or newly formed groups surged, accounting for roughly 35 percent of ransomware incidents, a development that made the threat landscape even more unpredictable.
In 2025, LockBit3 ceded the lead to Akira, with Qilin and SafePay claiming a growing share of attacks. Smaller and emerging groups continue to play a decisive role, with sustained activity indicating that many lesser-known or short-lived crews remain active.
Tactics are evolving as well, with attacks becoming increasingly strategic and targeted rather than random or purely mass-distributed.
Analysts emphasize that protecting a business today does not stop at installing antivirus software or using basic firewalls. In Europe, the NIS2 directive has set new cybersecurity standards, requiring organizations to secure their systems or face substantial fines. Beyond compliance, multilayered defenses are essential: access controls, secure backups and robust endpoint protection should work in concert to reduce risk, while continuous updates and proper patching limit the chance that attackers will exploit security gaps.
Media Contact
Mike Mingos, TicTac Cyber Security, 30 210 6897383, [email protected], https://tictac.gr/en/
Andreas Kougentakos, Social Active, 30 2102202725, [email protected], https://www.socialactive.com/
SOURCE TicTac Cyber Security

Share this article