Recent Cyber Attacks in India (2025–2026): Major Breaches Every Business Should Know
You know things have shifted when a stockbroker with millions of users gets breached the same month a listed textile company does. Both happened this year, not decades apart, just months.
Recent cyber attacks in India keep landing on different industries every few weeks. Check Point clocked 3,195 attacks a week per Indian organization in 2025, up from the year before, and there’s no sign of it dropping anytime soon.
Last year alone, CERT-In had to deal with 29.44 lakh incidents. Nearly three million, yeah, that’s not a typo.
Add in 1,530 alerts and 65 advisories, each highlighting potential cyber threats.
Cybersecurity Threats in India are becoming more organized, with attackers targeting vendor logins and cloud environments. These India Cybersecurity Incidents reflect broader Cybersecurity Trends India across industries.
A Few Ransomware Cases Worth Knowing About
Tata Technologies, January 2025. Took a ransomware hit. Internal systems mostly, and services came back online within a reasonable window.
Raymond Ltd, February 2025. Caught unauthorized access and isolated the affected assets fast enough that customers apparently never noticed anything was wrong.
ICICI Bank, January 2025. The situation is murkier: the BASHE group claimed they’d siphoned data through a vendor portal, but the bank hasn’t confirmed anything publicly, so take that one with a grain of salt for now.
Angel One, February 2025. The brokerage’s dark-web monitoring partner flagged unauthorized access to its AWS setup, and it turned out 8 million users’ personal data had been exposed. Client funds remained unaffected.
CERT-In logged 806 incidents in 2025, which is small next to the malware numbers below, but Phishing attacks in India don’t need volume.
One employee clicking a malicious link.
Fake bank portals, spoofed government sites, and scam text messages remain common, especially during tax and festival seasons.
Banking, e-commerce, and fintech platforms absorb most of it.
Then There’s Malware, Quietly Doing Its Thing
Over 369 million detections in a single year, and botnets alone reached 17.5% of organizations, almost double the global average of 10.2%.
A lot of it arrives through malicious installers or fake software updates.
Nothing dramatic about it, just steady erosion, which is why cyber crime in India mixes technical tricks with social engineering.
So Who’s Actually Getting Hit
The same sectors keep getting hit.
Banks and financial firms are still absorbing most of the Ransomware Attacks in India and vendor-related hits.
Fintech and brokerage platforms are dealing with cloud breaches now too, and insurers have their own extortion headache after the Niva Bupa situation.
Even manufacturing didn’t get a pass this year, with Raymond and Tata Technologies both getting hit on the IT services and manufacturing side.
How These Three Actually Compare
Ransomware usually walks in through vendor access or unpatched software and costs you downtime plus maybe a ransom demand, so backups and network segmentation actually help there.
Phishing comes through email or fake sites and steals credentials, honestly, training your people catches more of this than any spam filter does.
Malware and RATs sneak in through installers, and patching combined with endpoint monitoring is what catches them before they settle in for good.
None of This Is Cheap to Ignore
Losses from cyberattacks in India passed ₹20,000 crore in 2025, and that’s before counting DPDP Act penalties for breaches nobody bothered reporting, outages that dragged past twelve days in a couple of cases, or the customer trust that just doesn’t come back once a bank’s name shows up in a breach headline.
This Is Where a Security Partner Actually Earns Their Keep
A solid cyber security services provider now offers continuous monitoring, incident response, vendor risk assessments, and phishing awareness training.
Good cyber security services and modern cyber security solutions treat ransomware, phishing, and malware as one connected problem instead of three separate purchase orders sitting in different budgets.
2026, So Far
So far, 2026 is seeing AI-written phishing emails, deepfake voice scams, and unsecured cloud storage. The DPDP Act raises the stakes on all of it going forward.
Conclusion
Put it all together, the ransomware at Tata Technologies and Raymond, the alleged breach at ICICI, and the AWS exposure at Angel One, and the takeaway is pretty simple: nobody’s exempt anymore, no matter how big the name on the door is.
Cybersecurity threats in India have outgrown what a firewall and antivirus subscription can handle on their own.
Talk to Us
If your business wants to strengthen its defenses against ransomware, phishing, and malware, our cyber security experts can help.
Contact us today for a security assessment and learn how the right cyber security services can reduce your organization’s risk.
Vendors and misconfigured cloud setups mostly, ransomware and malware riding in through those, with phishing picking up whatever’s left.
2. Which industries get hit hardest?
BFSI, IT services, education, and government take the worst of it, at least based on what CERT-In and Check Point are both seeing.
3. Is ransomware actually getting worse?
Yeah, genuinely, not just louder. 8.9% of Indian organizations dealt with it recently, against a 4.8% global rate.
4. What’s the right move right after a ransomware hit?
Isolate the systems first, get responders on the phone, notify regulators under the DPDP Act, and hold off on paying anyone until you’ve gotten expert advice.
Vijay Mandora is the Founder, Chairman & Managing Director of ECS Group and a technology leader with over 33 years of experience in Cyber Forensics, Cyber Intelligence, Information Security, and E-Waste Management. A first-generation entrepreneur and electronics engineer, he has led the development of innovative and patented cyber forensic solutions serving defence organizations, law enforcement agencies, government institutions, and enterprises across India. Passionate about knowledge sharing, Vijay regularly conducts training programs and workshops for cybersecurity professionals, government officials, and investigative agencies.