India Remains Among Top Targets Of Global Ransomware Groups
Cyble's threat landscape report offers details of key attacks on Indian companies.
Cybersecurity solutions player Cyble has just released its latest monthly threat landscape report that reflects a steady escalation in cyberattacks, with India witnessing notable incidents of data exfiltration and ransomware targeting critical industries. According to the report, this indicates that India and the APAC region remain firmly in the crosshairs of global ransomware groups.
Some of the key findings from the report include:
The Warlock ransomware group leaked sensitive data from an India-based manufacturing company. The hacked files included HR records, financial data, design software archives, and internal employee repositories, underscoring the growing risks to India’s industrial sector.
Threat actors on underground forums leaked data from two Indian companies — a technology consulting platform and a subscription-based SaaS application. Stolen information included campaign data, customer details, payment records, IP addresses, and server usage logs.
Unauthorised access to the network infrastructure of an Indian telecommunications company was offered for sale at $35,000 on cybercrime forums. The offer included credentials, CLI access, and operational network details.
Critical infrastructure, government agencies, and manufacturing were among the most impacted industries when it came to ransomware.
“India’s manufacturing, telecom, and SaaS sectors are fast-emerging prime targets for ransomware groups and dark web actors. As adversaries innovate with new variants and attack vectors, Indian enterprises must strengthen resilience by prioritising vulnerabilities, securing supply chains, and protecting critical infrastructure,” said Daksh Nakra, senior manager for research and intelligence at Cyble.
While India and Asia face rising threats, the report also underscored worrying global patterns:
Qilin Ransomware Dominance: The group topped global charts with 73 victims (17%), followed by INC Ransom with 59, targeting critical infrastructure and IT firms.
Critical Infrastructure Under Siege: Cyble sensors tracked more than 1,000 daily attacks on US industrial control systems (ICS/OT). The UK, Vietnam, China, Singapore, and Hong Kong also reported high targeting rates.
Hacktivist Disruptions: Europe saw persistent campaigns from pro-Russian groups despite takedowns, while Aeroflot and Taiwanese energy systems suffered major hacktivist-driven intrusions.
Zero-Day Marketplace Booming: Dark web actors actively traded exploits, including for WinRAR and major VPN providers, with prices ranging from $80,000 to 1 BTC.
