Home Press center CrowdStrike Shares Key 2025 Insights: Ransomware Growth and Increased State Activity

CrowdStrike News

Published: november 25, 2025

CrowdStrike Shares Key 2025 Insights: Ransomware Growth and Increased State Activity

The article is also available at:

Ukrainian, Russian

The company iIT Distribution, the distributor of CrowdStrike, presents the key findings of the CrowdStrike 2025 European Threat Landscape Report.

European organizations face evolving cybercrime tactics, a sharp increase in ransomware attacks, and heightened state-level threats. Europe remains a primary target for global malicious actors. Financially motivated cybercriminal groups continue to target this region, while geopolitical tensions caused by ongoing conflicts lead to increased espionage and hacktivism.

The CrowdStrike 2025 European Threat Landscape Report is based on operational intelligence collected from elite threat hunters and intelligence analysts at CrowdStrike, providing a clear understanding of the adversaries operating in or targeting Europe. It includes the information organizations need to anticipate threats, bolster their defense mechanisms, and maintain an advantage as adversaries become faster, more stealthy, and destructive. To be able to stop these adversaries, companies must first understand them well. Below is a brief overview of the key findings and analytical data from this report.

CrowdStrike Shares Key 2025 Insights: Ransomware Growth and Increased State Activity - image 1

A complex and crowded cyber threat landscape

Activities related to big game hunting (BGH) are widespread throughout the region. European organisations accounted for nearly 22% of all structures found on specialised data leak sites (DLS) tracked by CrowdStrike’s Counter Adversary Operations department, making Europe the second most attacked region after North America. Since the beginning of 2024, approximately 2,100 European victims have been named by BGH attackers on more than 100 DLS used for data ransomware and extortion software. Aggregated data from DLS indicates that among European countries, the United Kingdom, Germany, Italy, France and Spain have been the most targeted. The most attacked sectors were manufacturing, professional services, technology, industry and engineering, and retail.

European companies are increasingly becoming targets of BGH adversaries, likely due to several reasons:

Attractiveness of targets: Five of the ten most valuable companies in the world are located in Europe. Since BGH attackers typically set ransom amounts based on the victim’s revenue, they likely believe that European organisations are capable of paying significant sums.
Political motivation: Although BGH attackers are primarily financially motivated, some have expressed political views and threatened politically motivated actions.
Legal pressure: Attackers have used EU penalties under the General Data Protection Regulation (GDPR) for information leaks to coerce victims into paying. Some hackers have threatened to report regulatory non-compliance through their DLS.

The European cybercrime ecosystem remains dynamic and adaptable. Criminal online marketplaces such as BreachForums (run by criminals in France and the UK) and encrypted applications provide a link between initial access brokers, malware developers and ransomware affiliates. Russian- and English-language forums are hubs for selling stolen credentials, data, and system access. Telegram is often used to sell phishing kits and stolen login information.

Voice phishing and fake CAPTCHA pages have become the primary methods of gaining access to target systems, which attackers then use to steal data and conduct ransomware campaigns. During 2024 and 2025, CrowdStrike recorded more than 1,000 incidents involving the use of fake CAPTCHA lures targeting European organisations.

The company iIT Distribution is the distributor of CrowdStrike solutions in Ukraine, Eastern Europe, Central Asia, and the Baltics. CrowdStrike is an industry leader in cybersecurity, actively implementing advanced artificial intelligence technologies in its solutions.

Geopolitical tensions stimulate the activity of state malefactors

Malicious states such as Russia, China, North Korea, and Iran expanded their regional targets across various industries. The war in Ukraine continued to shape the European cyber threat landscape. Hackers linked to Russia used phishing attacks against government, defence, and infrastructure networks to gather intelligence and undermine Western support for Ukraine. Destructive attacks continue against Ukrainian organisations to disrupt systems and exert psychological pressure on the population.

North Korea strengthened its alliance with Russia by sending troops to support the war in exchange for advanced defence technology and electronic warfare systems. The DPRK also expanded its cyberattacks on Europe, targeting defence, diplomatic and financial institutions to steal cryptocurrency and circumvent sanctions.

China-linked actors continue to attack European organisations to gather intelligence, primarily targeting peripheral devices and cloud infrastructure. Many China-linked actors have consistently focused on Europe’s government, healthcare, and biotechnology sectors.

Armed conflicts in the Middle East, particularly between Israel and Hamas, have been the main drivers of Iranian-backed cyber operations and pro-Iranian hacktivism against European entities. Iran-affiliated actors have conducted operations across Europe, including espionage, hacking and exfiltration campaigns, and destructive attacks. Many Iranian hacking groups have posed as hacktivists to conceal state espionage efforts.

As Europe’s cyber threat landscape continues to evolve, organisations need to remain vigilant against a variety of adversaries, from cybercriminal groups to state-sponsored hackers and hacktivists. With intelligence-driven security strategies, organisations across the region can strengthen their defences, reduce risk, and stay ahead of emerging threats.

News