New Report Warns Ransomware Attacks Have Soared in Europe – Veri Sızıntısı
Live
Search
Company
About Founder's Note Press & Media Privacy Policy Terms of Service FAQ Brand Kit
Products
HUBOne HUBCorp Coming Soon Veri Sızıntısı Android Coming Soon Veri Sızıntısı iOS Coming Soon Veri Sızıntısı Huawei Coming Soon Breach Radar Argus Flow Argus Engine LivePlatform
Technologies
What is Argus AI? Try on HUBOne What is Argus Flow? What is Argus Engine?
Blog Contact

New Report Warns Ransomware Attacks Have Soared in Europe

A new report by cyber risk management firm Black Kite reveals that ransomware attacks across Europe increased by over 55% in the early months of 2026 compared to the previous year. Germany, the UK, and the manufacturing sector are the primary targets.

Map of Europe with red warning icons symbolizing the increasing threat of cyber attacks

What Happened

Europe is facing a severe and escalating wave of ransomware attacks that has been ongoing for the past year. A new report, the “2026 European Cyber Risk Report” published on June 25 by the cyber risk management firm Black Kite, signals a clear and present danger for organizations across the continent. According to the report, publicly disclosed ransomware incidents in the first four months of 2026 saw an alarming 55.1% increase compared to the same period last year. This surge translates to an average of 171 attacks per month, proving once again how organized and persistent cybercriminals have become.

These figures only cover incidents that were detected and publicly disclosed. The true picture is estimated to be much bleaker, including unreported cases. The fact that cybercriminals are targeting companies of all sizes indiscriminately reveals the growing vulnerability of Europe's digital infrastructure. This increase serves as an urgent call for companies to reassess their firewalls and defense mechanisms.

Data Compromised

While the report by Black Kite focuses on the frequency and targets of the attacks, it does not provide specific details on the type or amount of data compromised in each incident. However, given the nature of ransomware attacks, it is known that cybercriminals typically target critical data that can bring a company's operations to a standstill. This data often includes customer information, financial records, trade secrets, employees' personal information, and sensitive data related to production processes. Attackers encrypt this data, making it inaccessible, and demand large ransoms for the decryption key. Furthermore, they increase the pressure on companies by threatening to publish this sensitive data online if the ransom is not paid.

How Did the Attack Happen

The report also identifies the most common ransomware families used in the attacks. According to the analysis, the most active group targeting Europe is Qilin. Operating in 26 of the 31 countries analyzed, Qilin alone is responsible for a total of 372 recorded incidents. This figure demonstrates the extensive geographical reach and effectiveness of Qilin's operations.

Qilin is followed by the Akira ransomware, with 159 cases. In third place is SafePay, with 80 incidents. However, SafePay has a significant distinction from the others: this ransomware has concentrated its attacks almost exclusively on a single country, Germany. Analysts note that this indicates a concerted effort by the cybercriminals using SafePay to specifically target German organizations. The report does not provide technical details on the initial access vectors (such as phishing emails or software vulnerabilities), but the types of ransomware used offer important clues about the threat actors' tactics.

Who Was Affected

An examination of the geographical distribution of the attacks shows that 70% of all ransomware incidents in Europe are concentrated in just five countries. These countries are, respectively:

  • Germany (18%)
  • The United Kingdom (17%)
  • France (12%)
  • Italy (12%)
  • Spain (10%)

From a sectoral perspective, it is clear that the manufacturing sector is the most targeted area by cybercriminals. 28% of all incidents during the reporting period targeted this sector. Experts attribute the concentration of SafePay ransomware in Germany to the fact that regions like the Ruhr Valley and Bavaria are hubs for manufacturing and industrial companies. The digitalization of production lines and the proliferation of automation systems make this sector more attractive and, at the same time, more vulnerable to cyberattacks. The 2025 incident targeting automotive giant Jaguar Land Rover (JLR), which went down in history as the costliest cyber-attack in the UK, serves as a grim reminder of how devastating and far-reaching an attack on the manufacturing sector can be.

What You Can Do

In light of the alarming picture painted by the report, it is crucial for organizations, especially in the manufacturing and industrial sectors, to take proactive steps. Here are some essential measures that can be taken:

  • Multi-Factor Authentication (MFA): Implement MFA for all critical systems, especially remote access points. This prevents stolen passwords alone from being sufficient to breach a system.
  • Robust Backup Strategy: Regularly back up your data and store these backups in an environment completely isolated from the network (offline). In the event of an attack, solid backups are the only thing that will allow you to restore your systems without paying the ransom. Regularly test the restorability of your backups.
  • Patch Management: Promptly apply patches to close security vulnerabilities in operating systems, software, and network devices. Cybercriminals often gain initial access by exploiting known but unpatched vulnerabilities.
  • Employee Training: Train your staff on how to recognize phishing emails and other social engineering tactics. Their ability to identify suspicious emails and links can help break the attack chain at the very beginning.
  • Incident Response Plan: Have a step-by-step plan for what to do in the event of a ransomware attack. This plan should include details on how to manage communication, which systems to shut down first, and when to notify legal authorities. Practice this plan regularly.

What the Company Is Saying

Black Kite, the publisher of the report, emphasizes that its findings serve as a serious warning for organizations in Europe. According to the company's analysis, the 55.1% increase in the volume of attacks indicates that cybercriminals have become more brazen and organized. The widespread activity of ransomware groups like Qilin across the continent shows that the threat is not confined to a specific region. Black Kite notes that SafePay's targeting of Germany's industrial regions suggests that attackers are now selecting their targets based on high economic value and sensitivity to operational disruption. The company states that the purpose of the report is not just to present statistics but to galvanize European firms into strengthening their cyber resilience.

Source

https://www.infosecurity-magazine.com/news/increase-ransomware-europe/

This content was generated with AI assistance through our Argus Flow application. We are continuously working to improve Argus Flow; if you encounter any issues such as translation errors, incorrect sources, or unverified information, you can report them using the button below. We appreciate your feedback.

Share This Article
X LinkedIn WhatsApp
← Previous Post LastPass Leaks Data via Klue Supply Chain Attack

Weekly Newsletter

Curated data breach news delivered to your inbox every week.