Twenty-four hours and a company goes from operational to foreclosure. In one case, it took 51 seconds. The result is unchanged: system breach, database encryption, path terminated. So cyber extortion: «Pay and you will get your data back». In Italy – amidst a fragile economic structure and digital defenses full of weaknesses – the draft law emerged quickly: many SMEs closed their businesses and sent their workers to layoffs. The costs are multiple: social, for the employee’s family; economically, because other productive realities have stopped.
We know his name from the chronicles: ransomware. However, the impact is still vague. There is one thing that highlights this: in Europe, this year, the figure has grown by 48% compared to 2024. This mainly affects the most economically attractive countries: the UK and Germany, and Italy is in third place, followed by France and Spain. Here the standard operation is repetitive and cruel: in 92% of cases, the attack combines file encryption and data exfiltration. The targets have not changed: manufacturing, professional services and technology, industry. With a local feel. In Italy, it was the most affected manufacturingretail, academia and industry.
That’s the report Europe’s Threat Landscape 2025 by CrowdStrike, a US cybersecurity company, presented yesterday.
Trends in the EU
Between January 2024 and September 2025, Europe experiences a surge attack carried out by 53 eCrime groups: «The continent ranks second in terms of the number of attacks, after North America, and European companies they represent almost 22% of global victims”, explains Luca Nilo Livrieri, Senior Director, Sales Engineering Southern Europe at CrowdStrike. Acting as a showcase is Dls (Data leak site), dark web message boards where names of affected companies, ransom demands, countdowns, and samples of stolen data are showcased to increase pressure. The thermometer is rising: DLS reports Europe-based entities are growing nearly 13% year over year, from about 1,220 to 1,380 in 2025.
Why this centrality? Not only because of the economic burden of European countries, as explained by Livrieri. There’s even a regulatory factor that attackers exploit to gain an advantage: rigidity GDPR (privacy protection) and sanctions for non-compliance. «The attacker threatened to report the company for non-compliance with regulations in the event of a data breach, thereby prompting the company to pay the ransom».
