India Emerges as APAC’s Ransomware Epicentre as Cyberattacks Surge in Manufacturing Industry

India Apr 14: Check Point Software Technologies Ltd., a pioneer and global leader of cyber security solutions,  unveiled its Manufacturing Threat Landscape 2025 report, highlighting a rapidly intensifying cyber security environment for the global manufacturing sector. As per the report findings, India has emerged as the Asia Pacific epicentre of ransomware activity, with manufacturing organisations witnessing a marked rise in both frequency and impact. According to the Exposure Management Research report, for the full year of 2025, 65% of affected Indian organisations paid ransoms, with average payouts reaching $1.35 million. Globally, attacks on manufacturers rose 56% from 937 incidents in 2024 to 1,466 in 2025 as threat actors increasingly prioritise operational disruption and supply chain leverage over standalone data theft.

In 2025, ransomware, supply chain interferences, and operational technology (OT) vulnerabilities converged to significantly elevate risk across industrial ecosystems.

While the United States reported the highest number of incidents (713), India’s position as a high-volume target (201) reflects both its scale and rapid industrial digitisation. Similar patterns are visible across Europe and the UK, where attacks on manufacturing continue to trigger downstream disruptions across automotive, aerospace, and logistics sectors.

Recent insights from Check Point Threat Intelligence also highlighted that industrial manufacturing organisations in India faced up to 2,786 cyberattacks per week over the last 6 months, underscoring the intensity and persistence of targeting.

“India’s emergence as the APAC ransomware epicentre signals a shift toward persistent, high-frequency attacks engineered for business impact.” said Sundar Balasubramanian, Managing Director, India, Check Point Software Technologies Ltd. “This requires organisations to move beyond reactive security models. With comprehensive architectures like Check Point’s Hybrid Mesh Network Security, enterprises can enable unified, scalable protection across IT and OT environments reducing complexity and preventing threats before they impact operations.”

Why Manufacturers Are So Vulnerable

The rise in attacks is driven by three structural challenges:

• Legacy OT infrastructure: Industrial systems such as PLCs, SCADA, and IoT devices were not designed with modern security frameworks, making them highly exploitable.
• Expanding supply chains: Threat actors are increasingly leveraging third-party vendors and service providers as entry points.
• Ransomware-as-a-Service (RaaS): The industrialisation of cybercrime has enabled rapid scaling through affiliate-driven models.

The Threat Actors Driving Industrial Attacks

Manufacturing is now targeted by both financially motivated ransomware groups and geopolitically aligned actors, reinforcing its role as a critical economic and strategic pressure point.

• Akira leverages VPN vulnerabilities, unpatched systems, and phishing to execute attacks combining data exfiltration with encryption.
• Qilin, operating on a RaaS model, focuses on manufacturing and logistics, extending disruption across interconnected ecosystems.
• The Play ransomware group exploits legitimate credentials and disables security controls prior to encryption, amplifying operational impact.
• In parallel, hacktivist and state-aligned groups such as NoName057(16) and China-linked actors are conducting denial-of-service attacks, OT reconnaissance, and public-facing disruptions, often aligned with geopolitical developments.

The Most Common Attack Paths Into Manufacturing Networks

Ransomware remained the primary attack vector, accounting for 890 manufacturing incidents, but techniques are becoming more varied and sophisticated:

• Exploited vulnerabilities (32%) targeting legacy systems and internet-facing applications
• Phishing campaigns (23%) that are increasingly AI-enabled and highly personalised
• Compromised credentials, now widely traded on the dark web
• Supply chain and remote access exploitation, enabling lateral movement across IT and OT environments

Attack strategies are also evolving beyond encryption to include data exfiltration, extortion-only models, and direct operational disruption.

A Manufacturing Cyber Security Reprioritization is Needed

The report highlights the need for manufacturers to recalibrate cyber security strategies:

• Adopt Zero Trust architectures across IT and OT environments
• Accelerate vulnerability management and patching cycles
• Strengthen identity and access controls, including MFA and SSO
• Implement immutable and offline backup systems
• Build employee awareness and phishing resilience
• Elevate third-party risk management as a core security function

2026 Manufacturing Security Forecast

Cyber threats targeting manufacturing are expected to intensify, driven by AI-enabled attack automation, faster execution cycles, and a growing emphasis on data extortion. As geopolitical tensions increasingly extend into cyberspace, manufacturing will remain a high-priority target.

As India strengthens its position as a global manufacturing hub, building cyber resilience will be critical to ensuring operational continuity and protecting supply chain integrity.