Acronis Cyberthreats Report H2 2025 reveals surging AI‑driven cybercrime, rise in phishing, and growing lateral movement attacks across Indian enterprises
India remained one of the most aggressively targeted nations by cybercriminals in 2025, ranking second globally just behind the United States with a staggering 31% share of all ransomware detections, according to the newly released Acronis Cyberthreats Report H2 2025. Based on telemetry from the Acronis Threat Research Unit (TRU), the report underscores a sharp escalation in both the frequency and sophistication of cyberattacks affecting Indian organizations.
India also appeared among the top 10 countries with the highest number of publicly disclosed ransomware victims, with 129 confirmed cases. Particularly troubling is India’s rate of lateral movement and mass infection activity the highest globally indicating that attackers are not only breaching networks but moving more strategically and scaling internal compromise to maximize business disruption.
“Attackers are increasingly integrating AI into their operations, so the cybersecurity landscape is entering a new era—one that demands automation, anticipation, and resilience.”
— Gerald Beuchelt, CISO, Acronis
Email-based attacks surged significantly, increasing 16% per organization and 20% per user year-over-year. Phishing remained the dominant vector, accounting for 52% of attacks targeting managed service providers (MSPs). In parallel, advanced threats targeting collaboration platforms such as messaging and productivity tools jumped from 12% in 2024 to 31% in 2025, marking them as a rapidly expanding secondary attack surface.
Key global threat patterns identified in the report include widespread abuse of PowerShell for post-exploitation, critical vulnerabilities affecting MSP platforms, and a dramatic leap in AI-assisted cybercrime. Threat actors used AI to automate reconnaissance, negotiate ransomware payments, enhance social engineering, and even generate “proof-of-life” imagery for virtual kidnapping scams.
Ransomware groups remained dominant, with more than 7,600 global victims disclosed in 2025. The most active groups included Qilin, Akira, and Cl0p. Manufacturing, technology, and healthcare sectors were among the most frequently targeted.
“Attackers are scaling traditional methods like phishing and ransomware with AI-enabled speed and precision,” said Beuchelt. “Organizations must strengthen detection, automate their defenses, and prepare for this new era of AI-driven attacks.”