Ransomware remains the leading threat to businesses; attackers increasingly use AI for low-effort, high-reward campaigns targeting MSPs, manufacturers, and collaboration platforms
Acronis, a global leader in cybersecurity and data protection, has released its Cyberthreats Report H1 2025, revealing alarming trends in the global threat landscape. The report highlights India as the most targeted country worldwide, with 12.4% of monitored endpoints affected, underscoring the nation’s growing exposure to AI-powered phishing, impersonation, and ransomware attacks.
The report, based on data from over 1 million unique Windows endpoints globally, shows that ransomware remains the top threat to large and midsized businesses. Attackers are increasingly leveraging AI to automate social engineering and business email compromise (BEC) attacks, making them more convincing and harder to detect.
“India’s digital economy is expanding rapidly, but with that growth comes an expanded attack surface,” said Rajesh Chhabra, General Manager, India & South Asia at Acronis.
“India’s digital economy is expanding rapidly, but with that growth comes an expanded attack surface,” said Rajesh Chhabra, General Manager, India & South Asia at Acronis. “AI is empowering cybercriminals to operate at scale and with higher precision. Enterprises must transition from reactive to behavior-based security models to protect their infrastructure and data.”
Key Findings from the Report:
- Ransomware Dominance: Publicly known ransomware victims increased by nearly 70% compared to 2023 and 2024. Groups like Cl0p, Akira, and Qlin were the most active.
- AI-Driven Social Engineering: Social engineering and BEC attacks rose from 20% to 25.6%, driven by AI-generated impersonations and deepfakes. Malware was found in 1.47% of Microsoft 365 email backups.
- MSPs Under Siege: Phishing accounted for 52% of attacks on Managed Service Providers (MSPs), up from 30% in 2024, while RDP-based attacks declined sharply.
- Collaboration Apps Targeted: Phishing incidents on platforms like Microsoft Teams and Slack surged from 9% to 30.5%, with 25% involving AI-generated deepfakes or automated exploits.
- Manufacturing Sector Most Targeted: Representing 15% of ransomware cases, followed by retail, food & beverage (12%), and telecom/media (10%).
Implications for Indian Enterprises:
The report warns that Indian industries, especially manufacturing and infrastructure, are at heightened risk due to their strategic importance under the Make in India initiative. The surge in advanced email threats — including payload-less and spoofed attacks — from 9% to 24.5%, calls for adaptive, AI-informed cybersecurity frameworks.
Additionally, attackers are exploiting Remote Monitoring and Management (RMM) tools, with TeamViewer being the most targeted. 4.56% of global Acronis customers still use unpatched versions, posing a serious risk to India’s expanding IT services sector.
“Even the least sophisticated attackers today have access to advanced AI capabilities,” said Gerald Beuchelt, CISO at Acronis.“To survive in this threat landscape, organizations must adopt holistic cyber protection strategies that integrate advanced detection, response, and recovery capabilities.”
