Ransomware attacks have dramatically increased in Europe, with a 55 percent rise in incidents recorded in the first four months of 2026 compared to the same period in 2025. Research conducted by Black Kite highlights a significant shift in ransomware activity towards Europe, while the United States has historically been the primary target. The oversaturation of ransomware activity in the US and the use of AI-assisted target research by attackers are driving this shift. The most affected countries are the United Kingdom, Germany, France, Italy, and Spain, with smaller countries like Turkey and Romania also experiencing sharp increases in attacks.
The manufacturing sector and digital service providers are particularly vulnerable, accounting for more than 25 percent and 17.8 percent of attacks respectively. These industries are attractive targets due to their position within larger supply chains and their access to client systems and data. The notable Miljödata attack in 2025 exemplified how breaching one IT provider can impact numerous downstream entities, affecting over 1 million individuals.
As ransomware groups exploit vulnerabilities in supply chains, organizations must enhance their risk management strategies. This includes understanding not only direct vendor risks but also the risks posed by fourth and fifth-party connections. Visibility into these complex networks is crucial for preventing and mitigating attacks. Experts suggest proactively engaging with vendors to map out potential risks and ensure contingencies are in place to protect against cascading and concentration risks.