New Delhi, April 14
India has emerged as the Asia-Pacific epicentre of ransomware activity, with manufacturing organisations witnessing a sharp rise in both the frequency and impact of cyberattacks, according to the 'Manufacturing Threat Landscape 2025' report.
The report highlighted that globally, attacks on manufacturers increased significantly by 56 per cent, rising from 937 incidents in 2024 to 1,466 in 2025, as threat actors increasingly focus on disrupting operations and exploiting supply chains rather than just stealing data.
The report quoted that "India has emerged as the Asia-Pacific epicentre of ransomware activity, with manufacturing organisations witnessing a marked rise in both frequency and impact. According to the Exposure Management Research report, for the full year of 2025, 65 per cent of affected Indian organisations paid ransoms, with average payouts reaching USD 1.35 million."
It also shared that India recorded 201 ransomware incidents, making it one of the most targeted regions, reflecting its growing industrial scale and rapid digitalisation.
While the United States reported the highest number of incidents at 713, similar trends were observed across Europe and the UK, where attacks have disrupted sectors such as automotive, aerospace, and logistics.
It further highlighted the intensity of cyber threats, noting that industrial manufacturing organisations in India faced up to 2,786 cyberattacks per week over the past six months.
Ransomware remained the primary attack vector, accounting for 890 incidents in the manufacturing sector. However, attack methods are becoming more sophisticated and diverse.
Exploited vulnerabilities accounted for 32 per cent of attacks, particularly targeting legacy systems and internet-facing applications. Phishing campaigns made up 23 per cent, with increasing use of AI to create highly personalised attacks.
Other entry points included compromised credentials traded on the dark web, as well as supply chain and remote access vulnerabilities that allow attackers to move across IT and operational technology environments.
The report noted that cyberattacks are evolving beyond traditional encryption-based ransomware to include data exfiltration, extortion-only models, and direct disruption of operations.
It also highlighted that the manufacturing remains particularly vulnerable due to several structural challenges. These include legacy operational technology infrastructure such as PLCs (Programmable Logic Controllers), SCADA (Supervisory Control and Data Acquisition), and IoT (Internet of Things), which were not designed with modern cybersecurity measures.
Expanding supply chains have also created additional entry points for attackers, while the rise of ransomware-as-a-service models has enabled cybercriminals to scale their operations rapidly.
The sector is now being targeted by both financially motivated ransomware groups and geopolitically aligned actors.
Groups such as Akira, Qilin, and Play ransomware have been actively targeting manufacturing networks, while hacktivist and state-linked groups, including NoName057(16) and China-linked actors, are engaging in denial-of-service attacks and operational disruption.
Looking ahead, the report warned that cyber threats targeting manufacturing are expected to intensify in 2026, driven by AI-enabled attack automation, faster execution cycles, and a growing focus on data extortion.
- ANI
Reader Comments
We welcome thoughtful discussions from our readers. Please keep comments respectful and on-topic.