Cyble’s Asia and Pacific Threat Landscape Q1 2026 Report Reveals India as APAC’s Most Targeted Nation for Ransomware Attacks

Ransomware Activity in India Surges 165% Year-over-Year as Cybercriminals Intensify Attacks on Manufacturing, IT, BFSI, and Critical Infrastructure Sectors Across APAC

Cyble Research and Intelligence Labs (CRIL) today released its Asia and Pacific Threat Landscape Report for Q1 2026, revealing a significant escalation in cyber threats across the region. The report identified 277 major cyber incidents during the quarter, including ransomware attacks, compromised access sales, data breaches, vulnerability exploitation, and hacktivist campaigns impacting organizations across Asia and the Pacific.

India emerged as the most targeted country in the APAC region for ransomware attacks, recording 45 incidents during Q1 2026 — representing a 165% increase compared to Q1 2025 and a 55% rise over the previous quarter.

“Q1 2026 demonstrated how rapidly the cyber threat landscape across APAC is evolving, with ransomware operators, access brokers, and hacktivist groups executing attacks at unprecedented scale,” said Daksh Nakra, Senior Manager of Research and Intelligence at Cyble. “India’s sharp rise in ransomware activity reflects how threat actors are aggressively targeting digitally expanding economies and critical business sectors where operational disruption can generate maximum financial and strategic impact.”

Key Findings

India Emerges as the Most Targeted Country in APAC

  • India recorded 45 ransomware attacks in Q1 2026 — the highest across the Asia-Pacific region
  • Ransomware incidents in India increased 165% compared to Q1 2025
  • Key sectors targeted in India included IT, Manufacturing, Healthcare, BFSI, Automotive, and Professional Services
  • India faced attacks from multiple ransomware groups including The Gentleman, Sinobi, Vect, Tengu, and CL0P

The report identified widespread “spray-and-pray” ransomware campaigns across India, where attackers opportunistically targeted multiple sectors simultaneously to maximize operational disruption and financial gain.

Ransomware Continues to Dominate the APAC Threat Landscape

  • CRIL observed 238 ransomware attacks across APAC during Q1 2026
  • The Gentleman group accounted for nearly 24% of all ransomware incidents
  • Qilin and INC Ransom remained among the most active ransomware operators
  • Manufacturing and IT & ITES sectors emerged as the most heavily targeted industries

The report also highlighted a growing trend where multiple ransomware groups repeatedly targeted the same organizations after initial compromises became publicly exposed.

Compromised Access Sales and Data Breaches Continue to Rise

  • 20 incidents involving the sale of unauthorized enterprise access were observed during the quarter
  • Retail and Professional Services sectors accounted for 50% of compromised access incidents
  • Government and law enforcement organizations experienced the highest number of data breach incidents
  • Indian organizations were repeatedly referenced in underground access sales and leaked data listings

One notable incident involved the sale of administrator-level database access to a billion-dollar Indian construction company, where threat actors claimed access to more than 44 GB of sensitive data.

Exploitation of Critical Vulnerabilities Accelerates

Threat actors increasingly exploited critical vulnerabilities affecting enterprise management platforms, network appliances, collaboration tools, and cloud-connected infrastructure.

The report highlighted active exploitation of high-severity vulnerabilities, including the Ivanti Endpoint Manager Mobile zero-day (CVE-2026-1340), alongside multiple critical flaws affecting Cisco, SolarWinds, Dell, Fortinet, Microsoft, and Citrix technologies.

Hacktivism and Geopolitical Cyber Activity Intensify Across the Region

Hacktivist activity surged across Southeast Asia during Q1 2026, with CRIL observing nearly 498 posts related to data leaks and dumps impacting approximately 3,600 domains.

Several threat groups focused heavily on the Indian subcontinent, conducting website defacements, DDoS attacks, and information operations targeting organizations across government, telecommunications, media, and commercial sectors.


Disclaimer: The above press release has been provided by Newsmaker Media. CXO Digital Pulse holds no responsibility for its content in any manner.
Reproduction or Copying in part or whole is not permitted unless approved by author.
