India, Asia-Pacific face surge in ransomware and cyberattacks: Cyble

Cyble’s July 2025 threat report reveals India and Asia-Pacific as key ransomware targets, with manufacturing, telecom, and SaaS sectors facing escalating cyber risks

Ransomware groups continue to intensify their focus on India and the wider Asia-Pacific region, according to Cyble’s Monthly Threat Landscape Report: July 2025. The study highlights escalating attacks on critical industries, data exfiltration, and growing exposure on the dark web.

India faces rising cyber pressures

The report revealed multiple high-profile incidents impacting Indian enterprises. The Warlock ransomware group leaked confidential data from a domestic manufacturing firm, including HR files, financial records, and employee repositories. In parallel, cybercriminals on underground forums exposed stolen data from two Indian organisations—a technology consulting company and a SaaS platform—comprising customer details, payment information, and server usage logs.

In another concerning case, access to the network infrastructure of an Indian telecommunications provider was offered for sale on cybercrime marketplaces for US$35,000. The credentials reportedly included operational details and administrative access, underscoring the risks facing India’s telecom sector.

Regionally, Thailand, Japan, and Singapore recorded the highest number of ransomware victims with six each, while India and the Philippines followed closely. Manufacturing, government, and critical infrastructure emerged as the most targeted sectors. Adding to the volatility, pro-India hacktivist collective Team Pelican Hackers claimed responsibility for compromising Pakistani institutions, leaking academic and administrative datasets tied to national research programs.

Global trends show expanding threats

Cyble’s research also identified 423 ransomware victims worldwide in July 2025, with the United States accounting for more than half. Canada, Italy, the UK, and Germany followed. Qilin ransomware was the most active group, claiming 73 victims, while INC Ransom targeted 59 organisations.

Industrial control systems (ICS/OT) in the U.S. endured more than 1,000 daily attacks, while nations including Vietnam, China, Singapore, and Hong Kong also reported significant targeting of critical infrastructure. Hacktivism remained a concern in Europe, where pro-Russian groups persisted despite takedown efforts, and major disruptions were reported at Aeroflot and Taiwan’s energy sector.

Dark web marketplaces further fuelled the threat landscape, with zero-day exploits for VPN services and WinRAR fetching up to one Bitcoin.

“India’s manufacturing, telecom, and SaaS sectors are fast-emerging prime targets,” said Daksh Nakra, Senior Manager for Research and Intelligence at Cyble. “Enterprises must strengthen resilience by addressing vulnerabilities, securing supply chains, and prioritising critical infrastructure protection.”