EU Ransomware and Hacktivism Incidents in August 2025 Across Europe
In August 2025, Europe witnessed a significant surge in ransomware incidents, particularly in the retail, automotive, and education sectors. A total of 94 ransomware attacks were reported, marking a concerning increase of up to +400% compared to previous months.
Germany, in particular, experienced a 455% increase in ransomware incidents, placing it at the top of the attack statistics.
One notable event was a global phishing attack, where attackers posed as Salesforce and targeted companies in multiple countries, including the USA, Canada, Taiwan, the Netherlands, the UK, and Germany.
The emergence of five new ransomware groups - Sinobi, Payouts King, D4RK 4RMY, RansomedVC2, and BQTLock - added to the ongoing threat landscape. Both state-oriented hacktivists and financially motivated ransomware groups remain active in Europe.
However, the masterminds behind the coordinated recrimination methods and data leaks in the European Union documented in August as part of "Operation Eastwood" remain unidentified, as no specific details about these individuals or groups are currently publicly available.
"Operation Eastwood," an international law enforcement operation led by Europol and supported by Eurojust, is aimed at combating these coordinated attacks.
In addition, cybersecurity incidents such as hacktivism and DDoS attacks have been prevalent in countries like Germany, Ukraine, Switzerland, and France. For instance, Italian defense and security data has been leaked, and pro-Russian hacktivists launched coordinated retaliatory measures against several European governments and Europol.
As the digital threat landscape continues to evolve, it is crucial for organisations and governments to stay vigilant and implement robust cybersecurity measures to protect against these threats.
