Cybercriminals have adapted their tactics, widening their targets to include small businesses, government entities, and individuals
With a rapidly expanding digital landscape and rising dependence on technology, India has become a prime target for ransomware attacks. As the world’s fifth-largest economy, India faces an urgent ransomware threat driven by widespread adoption of insecure technologies—a fact that cybercriminals have increasingly taken advantage of.
Small and medium-sized businesses (SMBs) are among the most vulnerable, with 53 per cent of Indian SMBs experiencing ransomware attacks in 2023, according to a Kaspersky report. Between April and May alone, India recorded 559 million ransomware attacks against SMBs, the most targeted segment in the country. This past July, an attack forced over 300 small Indian banks offline, leaving millions of rural and urban customers unable to access essential financial services. For a country where digital banking and online transactions are fast becoming everyday essentials, these disruptions carry severe consequences.
Cybercriminals have adapted their tactics, widening their targets to include small businesses, government entities, and individuals. These attacks have also come at a significant cost, draining billions from the economy annually as organisations work to recover data and restore operations. Meanwhile, repeated attacks undermine public trust as cybersecurity teams struggle to keep up with the rising tide of incidents.
Rising Scale & Impact of Ransomware Attacks In India
The frequency of ransomware attacks in India has surged. Data from CERT-In (Indian Computer Emergency Response Team) shows that ransomware incidents rose by 51 per cent in 2023, highlighting the lucrative nature of these attacks for cybercriminals. Individuals, too, have been increasingly targeted, with attacks on personal devices climbing by 22 per cent in the first half of 2023, and more devices continuing to come online.
Who’s Behind Ransomware Threat?
A mix of international and local cybercrime groups fuels India’s ransomware ecosystem. Some of the most active groups in India include Kryptina, FIN7, and Mallox. Mallox, notorious for targeting Microsoft SQL databases, poses a significant challenge for Indian businesses that rely on Microsoft’s infrastructure for daily operations. The group’s activities in India have continued, although attacks slowed somewhat between 2023 and 2024.
Other groups like RansomHub and LockBit (3.0) have sustained operations in India, often using sophisticated ransomware-as-a-service (RaaS) models. Emerging groups such as Kill Security and Cloak (ARCrypter) have also targeted Indian entities, including government agencies and law enforcement, adding to the country’s cybersecurity challenges.
In 2023, ransomware attacks on Indian businesses led to substantial financial losses, with an average ransom demand of dollar4.8 million (about Rs 40 crore) per incident and recovery costs exceeding dollar 1.35 million (above Rs 11 crore). These figures don’t even account for hidden costs such as downtime, lost data, or reputational damage. For SMBs, recovering from these costs alone can be overwhelming, pushing some to pay ransoms even without a guarantee that their data will be restored.
The Indian financial sector, in particular, has been a frequent target. This year, a ransomware attack forced the National Payment Corporation of India (NPCI), which operates the country’s digital payment systems, to briefly shut down some systems. Beyond the financial implications, such incidents erode public confidence in India’s push toward a digital-first economy.
Turning To AI For Cybersecurity
As ransomware attacks grow in scale and complexity, traditional cybersecurity methods are proving inadequate. Indian companies are now increasingly turning to artificial intelligence (AI) for help in detecting and mitigating ransomware threats. AI-driven cybersecurity tools can analyse vast amounts of data in real time, identifying unusual patterns and potential threats more efficiently.
Lenovo’s recent launch of AI-powered cybersecurity features in its PCs exemplifies how this technology is becoming accessible to the broader public. According to a recent survey, 71 per cent of Indian retailers have adopted or plan to adopt AI-driven cybersecurity solutions in the next year, while 59 per cent of enterprises already use such tools. AI is particularly valuable for detecting ransomware quickly and helping Indian companies stay ahead in an escalating cyber arms race.
Government & Private Sector Response
India’s government and private sector are working to build resilience against cyber threats. A notable example is India’s Cyber Commando initiative, which aims to recruit top cybersecurity experts for a centralised government approach. This initiative will rely on data from both public and private sources to counter cyber threats more effectively.
With billions of rupees at stake, however, it’s clear that neither individuals nor organisations can afford to wait for the full implementation of India’s five-year cybersecurity plan. Public education about ransomware and AI-driven cybersecurity tools is essential, enabling both businesses and citizens to make informed decisions and bolster digital security in real time.
India stands at a critical juncture in its fight against ransomware. As cybercriminal groups grow more sophisticated, ensuring robust cybersecurity for Indian businesses and individuals is an increasingly urgent task. While AI offers promise, meaningful security will require a concerted effort from both the government and private sector to address and mitigate the growing threat of ransomware in a digitally evolving nation.
