Back

Germany Faces Surge in Cyber Extortion Amid Rising Data Leaks

Severity: High (Score: 66.5)

Sources: Mandiant, Cybernews

Summary

In 2025, Germany experienced a significant resurgence in cyber extortion, becoming the primary target for data leaks in Europe. Google Threat Intelligence reported a staggering 92% increase in data leak incidents, outpacing the European average. This increase follows a period of relative calm in 2024 and mirrors the high-pressure environment seen in 2022 and 2023. The rise in attacks is attributed to Germany's advanced economy and digitized industrial base, making it appealing to cybercriminals. Notably, while UK-based organizations saw a decrease in data leak site postings, non-English-speaking countries, particularly Germany, experienced a surge. The cybercriminal ecosystem's maturation, including AI-driven localization, has diminished the protective barrier of language. Additionally, larger targets in North America and the UK are improving their defenses, prompting attackers to focus on Germany's small- to medium-sized enterprises, known as the Mittelstand. Threat actors are actively seeking partnerships to target German companies, indicating a strategic shift in their operations. However, experts caution that reliance solely on data leak site numbers can be misleading, as these figures often reflect only those victims who refuse to negotiate. Overall, the situation underscores a complex and evolving threat landscape in Germany. Key Points: • Germany saw a 92% increase in data leaks in 2025, the highest in Europe. • Cybercriminals are targeting Germany's Mittelstand due to enhanced security in larger firms. • The use of AI for localization is eroding language barriers, facilitating attacks.

Key Entities

  • Sarcoma (ransomware_group)
  • Alphv (ransomware_group)
  • Lockbit (ransomware_group)
  • Qilin (ransomware_group)
  • Safepay (ransomware_group)
  • Data Breach (attack_type)
  • Ransomware (attack_type)
  • France (country)
  • Germany (country)
  • Italy (country)
  • United States (country)
  • Construction & Engineering (industry)
  • Legal & Professional Services (industry)
  • Manufacturing (industry)
  • Retail (industry)
  • T1021 - Remote Services (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
Loading threat details...

Threat Not Found

The threat cluster you're looking for doesn't exist or has been removed.

Return to Feed