India remains one of the most targeted countries globally for cyberattacks, accounting for 31% of all ransomware detections in 2025, according to the latest Acronis Cyberthreats Report H2 2025: From exploits to malicious AI. The report, based on telemetry from the Acronis Threat Research Unit (TRU) and global sensor data, outlines the growing impact of AI-enabled cybercrime and evolving threat patterns across industries.
India ranked second worldwide behind the United States in ransomware detections and was among the top ten countries with publicly disclosed ransomware victims, recording 129 cases. The report also highlighted high levels of lateral movement activity and large-scale internal propagation incidents within Indian networks, suggesting attackers are becoming more sophisticated in expanding access after initial breaches.
Rising attack volumes and new threat vectors
Global cyberattacks continued to rise sharply through 2025. Email-based attacks increased by 16% per organisation and 20% per user year-on-year, while phishing remained the primary entry point, accounting for 52% of attacks targeting managed service providers (MSPs). Threat actors also increasingly targeted collaboration platforms, with advanced attacks rising from 12% in 2024 to 31% in 2025.
Key trends identified in the report include:
- PowerShell abuse emerging as the most exploited legitimate tool globally.
- Phishing dominance, accounting for 83% of email threats in the second half of 2025.
- High-risk MSP vulnerabilities, with all disclosed MSP-platform CVEs rated High or Critical.
- Operational use of AI, enabling automation across reconnaissance, negotiation, and social engineering.
- Sector exposure, with manufacturing, technology, and healthcare among the most targeted industries.
AI reshaping the cybercrime landscape
The report highlights a surge in AI-assisted attacks, with threat actors using automation to scale reconnaissance, optimise ransomware negotiations, and create convincing social engineering tactics. Incidents such as AI-generated “proof-of-life” images in virtual kidnapping scams demonstrate how adversaries are leveraging emerging technologies to increase psychological pressure and operational efficiency.
Gerald Beuchelt, Chief Information Security Officer at Acronis, noted that cybercriminals are increasingly integrating AI into attack workflows, requiring organisations to move toward automated, resilient defence strategies capable of countering both traditional and AI-driven threats.
Ransomware and supply chain risks persist
Ransomware activity remained a dominant risk vector in 2025, with nearly 150 MSP and telecom organisations targeted and more than 7,600 victims publicly disclosed worldwide. Groups such as Qilin, Akira, and Cl0p were among the most active threat actors. Supply chain attacks also continued to rise, with remote management tools such as AnyDesk and TeamViewer exploited in campaigns affecting more than 1,200 third-party organisations.
The findings underscore the need for enterprises to strengthen cyber resilience through proactive threat detection, automated response frameworks, and enhanced security governance as AI-driven attacks become more sophisticated.