Skip to content

Germany Ranks Third in Ransomware Attacks – 333 Successful Incidents in 2025

The Point: Ransomware attacks are surging massively and hitting Germany particularly hard; the SafePay group is responsible for approximately one quarter of them.

In 2025, over 8,150 successful ransomware attacks were registered worldwide – an increase of approximately one third compared to the previous year. Germany, with 333 attacks, ranks among the most frequently affected countries and takes third place globally.

According to the Threat Status Report 2025/2026 from cybersecurity firm aDvens, over 8,150 successful ransomware incidents were registered worldwide in 2025. In February alone, case numbers exceeded the 1,000 mark. The United States recorded the most known cases with 3,399 attacks (nearly 42 percent of global incidents), followed by Canada with 361 attacks. Germany ranks third with 333 successful attacks.

A prominent example is the attack on Jaguar Land Rover, which led to production outages with estimated damages of approximately €2.19 billion for the United Kingdom. In Germany, attacks are concentrated particularly on the manufacturing sector (approximately one fifth of all incidents); the technology, transport, and logistics sectors are also heavily affected. These sectors are deliberately targeted because their outages have significant economic consequences.

The SafePay group stands out particularly: the group, which emerged only in 2024, was responsible for approximately one quarter of all successful ransomware attacks in Germany in 2025 and ranks among the most active ransomware gangs worldwide according to aDvens. Cybercriminals increasingly use AI-driven methods and sophisticated social engineering techniques, which makes attacks more efficient and harder to detect.

In ransomware attacks, perpetrators encrypt data or block access to critical applications and demand ransom – usually in cryptocurrencies. Many gangs also employ double extortion: they copy sensitive data and threaten publication to apply additional pressure. The consequences range from data loss to production outages to significant financial and reputational damage.

To prevent attacks, aDvens CEO Andreas Süß recommends targeted network segmentation, multi-factor authentication, regular data backups, and employee awareness training. External security experts can be engaged if needed.


Source: www.it-daily.net · Published June 24, 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification via Lumi News Pipeline v1.7.1.

Share on: