MUMBAI: India’s cybersecurity defences are getting a serious stress test, hackers aren’t just knocking on the door anymore, they’re moving in, redecorating, and throwing a ransomware party before anyone notices. Acronis, the global cybersecurity and data protection firm, dropped its biannual Cyberthreats Report for H2 2025 (titled “From exploits to malicious AI”) on 18 February 2026, drawing from telemetry across over one million endpoints via its Threat Research Unit and sensors.

The standout alarm for India: it claimed second place worldwide for ransomware detections trailing only the US with a hefty 31 per cent of all global detections. It also cracked the top 10 for publicly identified ransomware victims, logging 129 cases where organisations went public. More worryingly, India topped charts for lateral movement and mass infection activity, including the planet’s largest internal propagation incidents. Attackers aren’t content with breaching the perimeter; they’re spreading like wildfire inside networks, amplifying disruption and business pain.

Globally, cyberattacks kept climbing in 2025. Email-based threats rose 16 per cent per organisation and 20 per cent per user year-on-year, while phishing stayed king, driving 83 per cent of email threats in the second half and serving as the entry point for 52 per cent of attacks on managed service providers (MSPs). Attacks on collaboration platforms exploded from 12 per cent in 2024 to 31 per cent in 2025, turning tools like Teams and Slack into prime secondary vectors.

Advertisement

Other red flags from the report:

Powershell abuse ruled as the most misused legitimate tool, especially in Germany, the US, and Brazil.

All MSP-platform CVEs disclosed in 2025 earned High or Critical ratings.

Advertisement

AI turned operational for crooks: used for reconnaissance, ransomware negotiations (e.g., Global Group automating chats across victims), data exfiltration (GTG-2002 style), and even chilling social engineering like AI-generated “proof of life” images in virtual kidnapping scams.

Hotspots included India, the US, and the Netherlands for mass infections and lateral hops; South Korea led malware hits at 12% of users affected.

Ransomware favourites targeted manufacturing, technology, and healthcare sectors crippled by uptime demands. Top groups: Qilin (962 victims), Akira (726), Cl0p (517). Nearly 150 MSPs and telcos hit directly; over 7,600 public victims worldwide, with the US suffering 3,243. Newcomers Sinobi, TheGentlemen, and CoinbaseCartel joined the fray in H2.
Supply-chain woes persisted too, RMM tools like AnyDesk and TeamViewer got exploited, affecting over 1,200 third parties globally, with the US taking 574 hits. Akira and Cl0p led here again.

Advertisement

Acronis CISO Gerald Beuchelt summed it up bluntly, “As cyber threats evolve at an accelerated pace, 2025 has shown that attackers are not only scaling traditional methods like phishing and ransomware, but are leveraging AI to act faster, more efficiently, and at greater scale. This shift requires organisations to anticipate threats, automate defences, and build resilient systems capable of withstanding both traditional and AI-driven attacks.”

For Indian businesses, the message is clear: the threat landscape isn’t just heating up, it’s gone full inferno, with AI fanning the flames. Time to upgrade those digital fire extinguishers before the next breach burns brighter.

Advertisement