What's Happening?
The French National Cybersecurity Agency (ANSSI) has reported a decrease in ransomware attacks in 2025, with 128 incidents compared to 141 in 2024. This decline is attributed to successful law enforcement operations and preventive measures by cyber defenders.
Despite the reduction, ransomware remains a significant threat, particularly to small and medium businesses, as well as public and private healthcare and education sectors. The most common ransomware strains identified were Qilin, Akira, and LockBit 3.0/LockBit Black. ANSSI's report also highlighted a stable number of cyber incidents, with 1,366 confirmed malicious activities in 2025, similar to the previous year. The agency noted an increase in data exfiltration incidents, though many claims were exaggerated or false.
Why It's Important?
The decline in ransomware attacks is significant as it reflects the effectiveness of cybersecurity measures and law enforcement in combating cybercrime. This trend is crucial for businesses and public sectors that are frequent targets of such attacks, as it reduces potential financial and operational disruptions. The report underscores the ongoing threat of ransomware, emphasizing the need for continued vigilance and investment in cybersecurity infrastructure. The findings also highlight the complexity of attributing cyberattacks due to the overlap between nation-state actors and cybercriminals, which complicates defensive strategies.
What's Next?
ANSSI's report suggests that France is preparing for potential future scenarios involving hybrid attacks that combine cyber and physical threats to critical infrastructure. The agency emphasizes the importance of enhancing cybersecurity measures to deter and complicate the efforts of attackers. As cyber threats evolve, collaboration between international law enforcement and cybersecurity agencies will be crucial in mitigating risks and protecting critical infrastructure.
Beyond the Headlines
The report raises concerns about the increasing sophistication of cyber threats and the potential for hybrid attacks that could have destructive effects on critical infrastructure. This highlights the need for comprehensive cybersecurity strategies that address both technological and organizational challenges. The findings also suggest a need for greater transparency and accuracy in reporting cyber incidents to avoid misinformation and exaggeration.
