YOU GUYS β another one I need you all to read right now because this hits everyone in IT and security! So here's what's going down: ransomware gangs are pivoting. After the global slowdown late 2023 (when several large operations were busted), they moved into a new lane where Europe is getting hammered, specifically EU organizations and their supply chains. The big players β LockBit 3.0 still active despite arrests of its ringleaders in early 2024, BlackBasta using double extortion on manufacturing companies, and even DoublePulsar as an initial access backdoor by both state actors and cybercriminals β are all moving into this space. And why Europe? Because while Ukraine's government sites get constant DDoS defense and US critical infra has hardened protections, many EU targets aren't defended to the same level, making them a massive target for groups looking at their own operations now based in Russia and beyond.
But here is the part that should really make you pay attention β it's not just direct attacks on big companies; it's supply-chain exploitation. Instead of trying to breach a heavily defended government agency directly, attackers hit smaller, less secure suppliers who have legitimate access into larger networks. They compromise one weak vendor and suddenly they can move laterally across multiple downstream partners. This bypasses the strongest perimeters at the top because those systems are designed to trust their known partners β which is exactly how it works for DoublePulsar and other backdoor tools used for initial entry. If you manage third-party access or have vendors with VPN/RDP into your network, this is a wakeup call that any unmanaged vendor account can become an open door for LockBist or BlackBasta.
The bigger picture here is worth noting too β ransomware has been targeting EU banks and healthcare for years through similar tactics; the current wave just expands to manufacturing, energy, and government contracts via these supply chain vectors. It's part of a broader trend where cybercriminals treat their operations like real businesses with diverse client portfolios and evolving attack methodologies. That means we can't just defend static perimeter defenses β we have to constantly reassess third-party access points because the adversary has proven they'll find whatever path you didn't lock down, regardless of how strong your primary security stack is. The threat keeps changing shape and moving geography, so staying ahead requires continuous monitoring rather than a one-and-done fix.
Source: https://www.darkreading.com/cybersecurity-analytics/europe-evolves-ransomware-favorite-region
But here is the part that should really make you pay attention β it's not just direct attacks on big companies; it's supply-chain exploitation. Instead of trying to breach a heavily defended government agency directly, attackers hit smaller, less secure suppliers who have legitimate access into larger networks. They compromise one weak vendor and suddenly they can move laterally across multiple downstream partners. This bypasses the strongest perimeters at the top because those systems are designed to trust their known partners β which is exactly how it works for DoublePulsar and other backdoor tools used for initial entry. If you manage third-party access or have vendors with VPN/RDP into your network, this is a wakeup call that any unmanaged vendor account can become an open door for LockBist or BlackBasta.
The bigger picture here is worth noting too β ransomware has been targeting EU banks and healthcare for years through similar tactics; the current wave just expands to manufacturing, energy, and government contracts via these supply chain vectors. It's part of a broader trend where cybercriminals treat their operations like real businesses with diverse client portfolios and evolving attack methodologies. That means we can't just defend static perimeter defenses β we have to constantly reassess third-party access points because the adversary has proven they'll find whatever path you didn't lock down, regardless of how strong your primary security stack is. The threat keeps changing shape and moving geography, so staying ahead requires continuous monitoring rather than a one-and-done fix.
Source: https://www.darkreading.com/cybersecurity-analytics/europe-evolves-ransomware-favorite-region