Cyble Report Warns of Rising Ransomware Threats in India, Asia

India and the Asia-Pacific region remain firmly in the crosshairs of global ransomware groups, according to Cyble’s Monthly Threat Landscape Report: July 2025. The report showed a steady escalation in cyberattacks, with India witnessing notable incidents of data exfiltration and ransomware targeting critical industries.

Key India and Asia Findings

1. India under attack: The Warlock ransomware group leaked sensitive data from an India-based manufacturing company. The stolen files included HR records, financial data, design software archives, and internal employee repositories, underscoring the growing risks to India’s industrial sector.
2. Dark Web exposure: Threat actors on underground forums leaked data from two Indian companies — a technology consulting platform and a subscription-based SaaS application. Stolen information included campaign data, customer details, payment records, IP addresses, and server usage logs.
3. Telecom sector compromise: Unauthorized access to the network infrastructure of an Indian telecommunications company was offered for sale at US$35,000 on cybercrime forums. The offer included credentials, CLI access, and operational network details.
4. Regional hot zones: In Asia, Thailand, Japan, and Singapore topped the ransomware victim list with six each, followed closely by India and the Philippines. Critical infrastructure, government agencies, and manufacturing were among the most impacted industries.
5. Hacktivism in South Asia: Pro-India hacktivist group Team Pelican Hackers claimed responsibility for breaching two major Pakistani institutions, allegedly exposing sensitive academic and administrative datasets tied to national research and development.

Notable Global Highlights

While India and Asia face rising threats, the report also underscores worrying global patterns:

1. 423 ransomware victims in July 2025: The U.S. accounted for over half (223), followed by Canada and European countries like Italy, the UK, and Germany.
2. Qilin ransomware dominance: The group topped global charts with 73 victims (17%), followed by INC Ransom with 59, targeting critical infrastructure and IT firms.
3. Critical infrastructure under siege: Cyble sensors tracked more than 1,000 daily attacks on U.S. industrial control systems (ICS/OT). The UK, Vietnam, China, Singapore, and Hong Kong also reported high targeting rates.
4. Hacktivist disruptions: Europe saw persistent campaigns from pro-Russian groups despite takedowns, while Aeroflot and Taiwanese energy systems suffered major hacktivist-driven intrusions.
5. Zero-day marketplace booming: Dark web actors actively traded exploits, including for WinRAR and major VPN providers, with prices ranging from USD $80,000 to 1 BTC.

“India’s manufacturing, telecom, and SaaS sectors are fast-emerging prime targets for ransomware groups and dark web actors. As adversaries innovate with new variants and attack vectors, Indian enterprises must strengthen resilience by prioritizing vulnerabilities, securing supply chains, and protecting critical infrastructure,” said Daksh Nakra, Senior Manager for Research and Intelligence at Cyble.