Ransomware Assaults: Precision Targeting of Indian Businesses

In the first half of 2025, ransomware continued to impact a relatively small portion of business users in India, consistent with global trends that reflect ransomware attackers’ deliberate targeting of high-value organisations rather than indiscriminate mass attacks.

While only 0.28% of Kaspersky enterprise users were hit by this threat, the seemingly small percentage is typical for ransomware and is explained by the fact that attackers often don’t distribute this type of malware on a mass scale, but prioritize high-value targets, which reduces the overall number of incidents.

The global cybersecurity company also revealed the top 5 ransomware families eyeing enterprises of various sizes in India. This includes:

Trojan-Ransom.Win32.PolyRansom
Trojan-Ransom.Win32.Gen
Trojan-Ransom.Win32.Wanna
Trojan-Ransom.Win32.Encoder
Trojan-Ransom.Win32.Phny
These types of Trojans modify data on the victim computer so that the victim can no longer use the data, or it prevents the computer from running correctly. Once the data has been “taken hostage” (blocked or encrypted), the user will receive a ransom demand. The ransom demand tells the victim to send the malicious user money; on receipt of this, the cybercriminal will send a program to the victim to restore the data or restore the computer’s performance.

Earlier this year, Kaspersky also revealed that Indian organisations faced an average of 665 ransomware attempts per day throughout 2024, totaling 243,548 blocked attacks by Kaspersky’s cybersecurity solutions last year.

“The rise of AI-powered ransomware groups like FunkSec is a clear signal of what lies ahead for India’s cyber threat landscape. By using AI-generated code and adopting low-cost, high-volume tactics, these groups are not only outpacing traditional ransomware operators but also expanding their reach into critical sectors such as government, finance, technology, and education,” comments Jaydeep Singh, General Manager for India at Kaspersky.

“For India, where digital adoption is accelerating at an unprecedented pace, the implication is clear, ransomware will become faster, cheaper, and far more difficult to detect. This makes timely, high-quality threat intelligence indispensable for Indian organizations, enabling them to anticipate attacker behavior, strengthen resilience, and respond decisively. Without this proactive approach, ransomware could shift from being a contained risk to a disruptive force in the country’s digital economy,” he adds.

To stay protected from ransomware attacks, Kaspersky experts recommend organizations follow these best practices to safeguard from ransomware:Enable ransomware protection for all endpoints.
Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
Focus your defense strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training.
Use the latest Threat Intelligence information to stay aware of the actual Tactics, Techniques, and Procedures (TTPs) used by threat actors.
To protect the company against a wide range of threats, use solutions that provide real-time protection, threat visibility, investigation and response capabilities of EDR and XDR for organizations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements are changing.