India Top APAC Target in Global Ransomware Surge

Cyble, a vendor in the threat intelligence and cybercrime monitoring space, has released its Global Threat Landscape Report: H1 2025, revealing a sharp rise in ransomware and supply chain attacks across the world—with India emerging as one of the most targeted nations in the APAC region. The report also highlights a dangerous consolidation of capabilities of criminal syndicates behind some of these attacks.

According to the report, India recorded 21 ransomware attacks in the first half of 2025, placing it behind only Taiwan and Singapore in regional rankings. The primary industry sectors under threat were Information Technology, BFSI (Banking, Financial Services, and Insurance), and Manufacturing.

“India's growing digital economy makes it a lucrative target for cybercriminals. Ransomware groups are actively exploiting sector-specific vulnerabilities and regional tensions,” said Beenu Arora, CEO and Founder of Cyble. “Our data shows a marked increase in precision targeting—especially by ransomware gangs like Qilin, RansomHub, and Medusa—who are treating Indian firms as high-value victims.”

Key APAC highlights from the report reveal that:

 · Taiwan (37), Singapore (32), and India (21) were the most targeted countries in APAC.

· Qilin led the region with 32 attacks, often deploying affiliate-driven, Ransomware-as-a-Service (RaaS) campaigns.

· RansomHub and NightSpire targeted Construction, Manufacturing, and Technology firms.

· APAC ransomware groups are leveraging geopolitical conflicts and regional instability to time attacks with maximum disruption.

· A growing trend in supply chain attacks was observed—especially against technology and telecom vendors serving Indian enterprises.

· Globally, the report tracks a 54% year-over-year increase in ransomware attacks, totaling 3,201 incidents in H1 2025. Just three ransomware operators—CL0P, Akira, and Qilin—were responsible for 34% of all known incidents, showing a dangerous consolidation of capabilities.