{"id":4800,"date":"2026-03-12T03:43:34","date_gmt":"2026-03-12T03:43:34","guid":{"rendered":"http:\/\/ft365.org\/index.php\/2026\/03\/12\/france-national-cybersecurity-agency-reports-ransomware-attack-drop-in-2025\/"},"modified":"2026-03-12T03:43:34","modified_gmt":"2026-03-12T03:43:34","slug":"france-national-cybersecurity-agency-reports-ransomware-attack-drop-in-2025","status":"publish","type":"post","link":"https:\/\/ft365.org\/index.php\/2026\/03\/12\/france-national-cybersecurity-agency-reports-ransomware-attack-drop-in-2025\/","title":{"rendered":"France: National Cybersecurity Agency Reports Ransomware Attack Drop in 2025"},"content":{"rendered":"<div id=\"cphContent_pnlArticleBody\">\n<div id=\"layout-3e95b0fd-7d5b-40d3-93cd-ff118d8a45db\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"0\">\n<p>The French Cybersecurity Agency (ANSSI) has confirmed the decline of known ransomware attacks in 2025, in part due to successful law enforcement operations.<\/p>\n<p>The latest edition of the agency\u2019s annual threat report, published on March 11, dives into the range of cyber threats that French public and private organizations have faced in 2025.<\/p>\n<p>According to ANSSI data, there were 128 ransomware attacks reported in France in 2025, slightly fewer than the 141 such attacks recorded in 2024.<\/p>\n<\/p><\/div>\n<figure id=\"layout-054b6e8c-0c63-42b0-b4b8-563b00916e16\" data-layout-id=\"4\" data-edit-folder-name=\"image\" data-index=\"1\"><img decoding=\"async\" src=\"http:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/localimages\/aac2d943-9939-4ce0-9106-cbdb556f5ed6.png\" alt=\"Monthly and cumulative distribution of ransomware attacks in France in 2024 and 2025. Source: Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d'information (ANSSI), translated using OpenAI's GPT Image 1.5\"><figcaption>Monthly and cumulative distribution of ransomware attacks in France in 2024 and 2025. Source: Agence nationale de la s\u00e9curit\u00e9 des syst\u00e8mes d&#8217;information (ANSSI), translated using OpenAI&#8217;s GPT Image 1.5<\/figcaption><\/figure>\n<div id=\"layout-3df8fc2b-70cd-4d12-a0d5-edf1b441eb55\" data-layout-id=\"2\" data-edit-folder-name=\"text\" data-index=\"2\">\n<p>Nevertheless, the agency highlighted that ransomware compromises remained a significant threat and represent a substantial share of the over cybercriminal activity.<\/p>\n<p>The report also noted that, while ANSSI\u2019s partnering security vendors frequently warn about an uptick in encryption-less cyber extortion attacks such incidents have been limited, according to the agency\u2019s data.<\/p>\n<p>Small and medium businesses (SMBs) remained the organizations most targeted by ransomware, but public and private healthcare entities and education organizations have experienced the biggest year-over-year increase.<\/p>\n<p>The most prevalent ransomware strains observed by ANSSI in 2025 were Qilin (21%), Akira (9%), and LockBit 3.0\/LockBit Black (5%).<\/p>\n<p>Additionally, more than a dozen strains (notably Nova, Warlock and Sinobi) were observed for the first time in 2025 in at least one incident.<\/p>\n<p>ANSSI assessed that the drop in ransomware attacks is at least partly due to the successful preventive intervention of cyber defenders, including those from the French agency, and large-scale law enforcement operations.<\/p>\n<p>One of the most impactful efforts was Operation Endgame, which ANSSI said disrupted a large part of the ransomware landscape and undermined trust within the cybercriminal ecosystem.<\/p>\n<h2><strong>Cyber Incidents Treated by ANSSI Remain Stable<\/strong><\/h2>\n<p>Overall, ANSSI received 3586 cyber alerts that involved the support of the agency in 2025, an 18% drop compared to 2024. However, this decline can be partly explained by a spike of signals sent to ANSSSI during the 2024 Paris Olympic and Paralympic Games.<\/p>\n<p>Out of those 3586 cyber alerts, the agency reported 1366 cyber incidents where the involvement of a malicious actor was confirmed.<\/p>\n<p>This is similar to the number ANSSI reported the previous year (1361 of cyber incidents in 2024), which itself was an increase from the 1112 incidents reported in 2023 and 831 in 2022.<\/p>\n<p>The report also noted a significant increase in the number of incidents related to data exfiltration. However, the agency warned that claims of data exfiltration must always be considered with extra care as they often are subject to exaggeration or even lies from the cybercriminals.<\/p>\n<p>For instance, out of the 460 events identified by ANSSI as possible data leaks in 2025, 42% were confirmed as being associated with actual compromises and the remainder were either false claims or &#8220;recycling&#8221; of data from previous compromises.<\/p>\n<p>ANSSI also highlighted a significant drop in distributed denial-of-service (DDoS) attacks targeting French organizations in 2025.<\/p>\n<h2><strong>Overlaps Between Nation-State Groups and Cybercriminals Complicate Attribution<\/strong><\/h2>\n<p>Finally, the report emphasized the emergence of a technological and organizational fog, deliberately used as leverage by both nation-state attackers and cybercriminals, where groups from both categories increasingly share capabilities, adopt each other\u2019s practices.<\/p>\n<p>\u201cThis trend inherently complicates the attribution process, as it is associated with a division of tasks among multiple actors, each specializing in certain phases of a compromise,\u201d the ANSSI report reads.<\/p>\n<p>Vincent Strubel, ANSSI\u2019s director general, said in the report that the series of cyber-attacks against Polish electrical infrastructure at the end of 2025 \u201craises the specter of the feared scenario for which France is preparing.\u201d<\/p>\n<p>\u201cIt is a central scenario in which we would face, by 2030, a massive increase in so\u2011called \u2018hybrid\u2019 attacks, with cyber-attacks representing a major component and having concrete or even destructive effects on our critical infrastructures,\u201d he added. Before concluding that \u201cyes, France has the means to counter, deter, or at least significantly complicate the work of attackers.\u201d<\/p>\n<\/p><\/div>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>The French Cybersecurity Agency (ANSSI) has confirmed the decline of known ransomware attacks in 2025, in part due to successful law enforcement operations. The latest edition of the agency\u2019s annual threat report, published on March 11, dives into the range of cyber threats that French public and private organizations have faced in 2025. According to<\/p>\n","protected":false},"author":2,"featured_media":4801,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-4800","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized"],"featured_image_urls":{"full":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"thumbnail":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e-150x150.jpg",150,150,true],"medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"medium_large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"1536x1536":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"2048x2048":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"morenews-featured":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"morenews-large":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"morenews-medium":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e.jpg",300,300,false],"crawlomatic_preview_image":["https:\/\/ft365.org\/wp-content\/uploads\/2026\/03\/4800-ca11f16a-fb9a-4a71-90d9-81b78789255e-146x146.jpg",146,146,true]},"author_info":{"display_name":"henry","author_link":"https:\/\/ft365.org\/index.php\/author\/henry\/"},"category_info":"<a href=\"https:\/\/ft365.org\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","_links":{"self":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/comments?post=4800"}],"version-history":[{"count":0,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/posts\/4800\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media\/4801"}],"wp:attachment":[{"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/media?parent=4800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/categories?post=4800"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ft365.org\/index.php\/wp-json\/wp\/v2\/tags?post=4800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}