In the first half of 2025, ransomware attacks in India continued to impact a small but significant number of organizations, following a global trend where cybercriminals focus on high-value targets rather than widespread attacks.
According to a Kaspersky report, only 0.28% of enterprise users in India were affected by ransomware during this period. Although the percentage appears low, it reflects how attackers choose their victims carefully — targeting companies that can pay large ransoms instead of spreading malware randomly.
Top 5 Ransomware Families Targeting Indian Businesses
Kaspersky identified the top ransomware families currently attacking Indian enterprises of all sizes:
- Trojan-Ransom.Win32.PolyRansom
- Trojan-Ransom.Win32.Gen
- Trojan-Ransom.Win32.Wanna
- Trojan-Ransom.Win32.Encoder
- Trojan-Ransom.Win32.Phny
These ransomware programs lock or encrypt data on infected computers, making it unusable until a ransom is paid. Victims usually receive a message demanding payment — often in cryptocurrency — in exchange for restoring access to their systems.
Over 2 Lakh Ransomware Attempts Blocked in 2024
Kaspersky revealed that Indian organizations faced 665 ransomware attempts daily in 2024, totaling 243,548 blocked attacks through its cybersecurity solutions. This shows how ransomware continues to evolve and remain a serious threat despite improved awareness and security measures.
Jaydeep Singh, General Manager for India at Kaspersky, warned that new AI-powered ransomware gangs like FunkSec are reshaping the cyber threat landscape.
“By using AI-generated code and low-cost, high-volume tactics, these groups are outpacing traditional ransomware operators. They’re expanding into critical sectors like government, finance, technology, and education,” he added.
As AI and automation become more common, ransomware attacks are becoming faster, cheaper, and harder to detect — posing greater risks to India’s digital economy. Singh emphasized that timely threat intelligence is key for companies to anticipate attacks and build stronger cyber defenses.
How Indian Businesses Can Stay Protected from Ransomware
To reduce the risk of ransomware, Kaspersky experts recommend the following best practices for organizations:
- Enable ransomware protection on all devices.
- Use tools like Kaspersky Anti-Ransomware Tool for Business, which protects computers and servers against ransomware and exploits.
- Keep all software updated.
- Regular updates prevent hackers from exploiting known security vulnerabilities.
- Monitor for suspicious activity.
- Watch for data exfiltration or unusual outgoing traffic that may signal a breach.
- Keep offline data backups that attackers cannot access.
- Use advanced cybersecurity tools.
- Deploy anti-APT and EDR/XDR solutions for early detection, investigation, and quick recovery.
- Provide your SOC teams with the latest threat intelligence and regular training.
- Stay informed.
- Use updated threat intelligence reports to understand attacker tactics and protect against future threats.
As India’s digital transformation accelerates, the threat of ransomware is growing more complex. Businesses must invest in proactive cybersecurity, adopt AI-driven protection tools, and prioritize employee awareness to build long-term resilience.
