Europol has warned that cybercrime affecting the EU is evolving rapidly, with criminals increasingly using encryption, proxies and artificial intelligence to scale their operations.
The report, published on 28 April, examines trends spanning “cybercrime enablers”, online fraud, cyber-attacks and online child sexual exploitation, the European Commission reported on Wednesday.
It found the dark web — parts of the internet accessed with specialist software — remains a key marketplace for cybercriminals, with forums and marketplaces proving resilient despite law enforcement action.
Cryptocurrencies are also playing a growing role, with privacy-focused coins and offshore exchange services used to launder ransomware payments and make transactions harder to trace.
The report added that cryptocurrencies are becoming more popular among minors and young adults, who may “unknowingly” become involved in money laundering.
AI and ransomware tactics shift
Generative AI is increasingly being used to tailor “social engineering” scams — where criminals manipulate victims into handing over money or access — and to automate fraud at greater speed and scale, the assessment said.
Ransomware, which locks up systems or data until a payment is made, remained a persistent threat in 2025, with “many active ransomware brands” observed.
Europol also said cyber-attacks are increasingly accompanied by threats to release stolen data, and noted an “interweaving” of state-sponsored hybrid threats with criminal actors that can act as proxies.
Online child sexual exploitation is rising, with sexual extortion cases continuing to spike and more trading of child sexual abuse material for financial gain.
It added that the production of synthetic child sexual abuse material is increasing, while end-to-end encrypted messaging apps have become a prominent communication channel for offenders, complicating investigations.
