India has emerged as one of the top three targets for ransomware attacks in the Asia-Pacific (APAC) region, according to the Global Threat Landscape Report: H1 2025 by Cyble, a US based cyber threat intelligence and monitoring startup. The report reveals a surge in ransomware and supply chain attacks globally, with India recording 21 ransomware incidents in the first half of the year—behind only Taiwan (37) and Singapore (32).

The key sectors targeted in India include Information Technology, Banking, Financial Services and Insurance (BFSI), and Manufacturing, pointing to a pattern of calculated, high-value attacks on the backbone of India’s digital economy.

“India’s growing digital economy makes it a lucrative target for cybercriminals,” said Beenu Arora, CEO and Founder of Cyble. “Ransomware groups are actively exploiting sector-specific vulnerabilities and regional tensions. Our data shows a marked increase in precision targeting—especially by ransomware gangs like Qilin, RansomHub, and Medusa—who are treating Indian firms as high-value victims.”

What is Ransomware?

Ransomware is a type of malicious software used by cybercriminals to block access to a system or data until a ransom is paid. Attackers often encrypt critical files and demand payments in cryptocurrency, with threats to leak or permanently destroy the stolen data if their demands aren’t met. Increasingly, ransomware is deployed via Ransomware-as-a-Service (RaaS), where developers lease out their malware tools to affiliates, broadening the scale and speed of attacks.

APAC Trends Reflect Rising Cyber Pressure

In the APAC region, ransomware activity is being influenced not only by technological vulnerabilities but also by geopolitical dynamics. The report observed that ransomware groups are timing their attacks around periods of regional instability, aiming for maximum disruption. The construction, technology, and manufacturing sectors in countries like India, Singapore, and Taiwan are bearing the brunt.

Among threat actors, Qilin emerged as the most prolific group in the region, leading with 32 attacks using RaaS campaigns. Meanwhile, RansomHub and NightSpire focused on critical infrastructure, particularly targeting technology vendors and telecom providers that serve Indian enterprises.

Global Landscape: Alarming Consolidation

Globally, ransomware activity jumped 54% year-over-year, with 3,201 incidents recorded in H1 2025 alone. Alarmingly, just three operators—CL0P, Akira, and Qilin—accounted for 34% of all known attacks, indicating a dangerous consolidation of technical capabilities and global reach among elite ransomware actors.

Join the community of 2M+ industry professionals.

Subscribe to Newsletter to get latest insights & analysis in your inbox.

All about ETCISO industry right on your smartphone!