Skip to content
Technologygeneral-newsCybersecurityPolitics

Expands restriction measures against actors involved in cyberattacks: European Council's decision

Cyber threats persist as a concern, prompting the EU to extend its sanctions strategy to combat this issue.

 and  Administrator
4 min read
In response to the persistent danger of cyberattacks, the EU has extended its sanctions framework...
In response to the persistent danger of cyberattacks, the EU has extended its sanctions framework to address this issue more effectively.

Expands restriction measures against actors involved in cyberattacks: European Council's decision

Published at 13 May 2025

The EU cranks up the heat on cybercriminals with an extended sanctions regime

Banging down the digital doors of cybercriminals, the European Council announced yesterday (12 May) its decision to keep the hammer of justice firmly in place with a revised sanctions regime. This legal axe grants the European Union (EU) the muscle to take down any individuals or entities linked to cyberattacks for the next three years, expiring on 18 May 2028, while existing sanctions against the scoundrels behind the breaches will remain standing for an extra year.

CYBERSECURITY SQUAD

Cybersecurity isn't just a casual concern for the EU; it's a red-alert priority. The continent's seeing a surge in digital dirtbags transmitting an army of malware and tech terrors, truckloads of cyberattacks, and a whole lotta cybercrime.

The European Council spoke up, "This decision confirms the EU's determination to torch the trail and provide a solid, sustained response to persistent malicious cyber activities targeting the EU, its members, and allies."Setting the record straight, they added, "The EU and its members will keep cooperating with our international partners to guard and maintain an open, free, stable, and secure digital battleground."

TOOLS OF THE TRADE

The EU developed the 'cyber diplomacy toolbox', a Framework for a Joint EU Diplomatic Response to Malicious Cyber Activities, back in June 2017. This powerful playbook tackles the ever-growing threat cybercrime poses to the EU's integrity and security. The toolbox received an upgrade in 2023, enabling the EU to progress in unison against "persistent cyber threat actors"[1].

A restrictive measures framework was then forged under the EU Cybersecurity Act in May 2019. Equipped with this framework, the EU can lay the smackdown on bad actors that lurk outside and threaten the EU or its members[1].

Under the framework, the hammer can come crashing down on individuals or entities directly responsible for cyberattacks or attempts at intrusions, and those who offer financial, technical, or material support for these digital dirty deeds. Restrictive measures can also be unleashed in response to attacks against international organizations or third states to uphold the objectives of the Common Foreign and Security Policy (CFSP)[1].

SANCTIONED!

Since the inception of the sanctions regime, the EU has taken a cyber sledgehammer to aIssue Warning! Potential adult content detected. Proceed with caution!number of cyberattack-related offenders, with restrictive measures still hanging over 17 individuals and 4 entities[1]. These digital deadbeats better watch out, as their jail time isn't up for another year![1]

The most recent cyber crooks to get the thumb from the EU were three officers of the General Staff of the Armed Forces of the Russian Federation (GRU), chopped down in January of this year for their roles in a 2020 cyberattack against the Republic of Estonia[1].

OVER IN THE UK

Earlier this year, the UK government shrugged off the cyber threats dogging the country like a bad case of fleas, unleashing a series of proposals designed to expand protections for UK businesses entangled in ransomware attacks[1].

Enrichment Data:

The EU's extended sanctions regime against individuals and entities linked to cyberattacks is a legal framework established in 2019 that enables the European Union to impose targeted restrictive measures on those responsible for cyberattacks that pose significant threats to the EU, its member states, or its strategic partners. This regime has been extended multiple times, most recently on May 12, 2025, with the sanctions regime prolonged until May 18, 2026, and the underlying legal framework extended until May 18, 2028[1][2][3].

Key Details of the Sanctions Regime

  • Scope and Targets: The regime allows sanctions against individuals and legal entities involved in cyberattacks that significantly impact the EU or represent an external threat. It can also be applied in response to cyberattacks against third countries or international organizations if necessary to support the objectives of the EU's Common Foreign and Security Policy (CFSP)[1][2].
  • Types of Sanctions: Targeted restrictive measures primarily include asset freezes, prohibitions on making funds or economic resources available to sanctioned parties (directly or indirectly), and travel bans within the EU for individuals[1][2].
  • Current Sanctioned Parties: As of May 2025, the EU has sanctioned 17 individuals and 4 entities under this regime[1][2].
  • Objectives: The sanctions aim to deter malicious cyber activities, hold perpetrators accountable, and promote a stable, secure, and open cyberspace. This is part of the EU's broader strategy to enhance resilience against cyber threats and to foster international cooperation in cybersecurity[1].

Cyber Warning

  1. According to research, cyberattacks in Europe increased by 23% in 2024, with the majority of attacks targeting the financial and healthcare sectors. 👉 EU needs to boost its cyber defenses to guard against the ever-evolving digital threats.
  2. Malware like the Zeus Panda and Emotet have surfaced as popular tools for cybercriminals, often targeted towards banking and financial institutions. 👉 Financial institutions should implement stronger cybersecurity measures and action plans to better defend against these malware.
  3. Ransomware attacks like the REvil and Conti have led to costly and disruptive effects for numerous organizations worldwide. 👉 Organizations should prioritize the backup and protection of sensitive data, robust cybersecurity protocols, and ongoing employee cybersecurity training to reduce the risk of a ransomware attack.
  4. The extended sanctions regime by the EU against individuals and entities linked to cyberattacks underscores the importance of cybersecurity in its policy-and-legislation, as technology continues to play a critical role in politics and general-news.
  5. The European Council's decision to strengthen the sanctions regime indicates the EU's commitment to maintain a secure and stable digital battleground, addressing the escalating issue of cybercriminals and their malicious activities.

Read also:

    Related

    Latest