India among top ransomware targets as WannaCry reshapes cybercrime

India was among the top five countries most affected by the WannaCry ransomware outbreak, according to a report by cybersecurity company F-Secure. The report noted that ransomware attacks increased in volume by more than 400 per cent compared with the previous year.

The cybersecurity firm attributed much of this growth to the WannaCry crypto worm but observed that other ransomware incidents became less frequent as the months progressed, showing a shift in how cybercriminals are using the malware.

The report found that ransomware continued to evolve as a significant cyber threat. Prominent variants included established families such as Locky, Cryptolocker and Cerber. However, WannaCry stood out as the most frequently detected ransomware strain, accounting for nine out of every ten ransomware reports by the end of the period.

Advertisement

‹

EVENT

Infosec Reimagined

Infosec Reimagined 2026 is the premier information security summit where top leaders—CISOs, CROs, CIOs, CTOs and risk executives—converge to redefine cyber resilience.

📅 Fri, 26 Jun 2026

📍 New Delhi

Register Now →

EVENT

Digital Senate

Digital Senate is a premier conference uniting government leaders, technologists and innovators to share ideas, success stories and strategies on digital governance, public sector transformation, cybersecurity and emerging technologies in India.

📅 Thu, 30 Jul 2026

📍 New Delhi

Register Now →

EVENT

CIO Prism

CIO Prism unites forward-thinking technology leaders to exchange transformative insights, shape digital strategies, and foster innovation, empowering enterprises to excel in an era of rapid technological change.

📅 Fri, 18 Sep 2026

📍 Goa

Register Now →

›

While the WannaCry ransomware family remained widespread in the latter half of the year, the use of other ransomware by cybercriminals appeared to decline. F-Secure Security Advisor Sean Sullivan said this pattern suggests that many amateur hackers have lost interest in ransomware.

WannaCry ransomware

“After the summer, there was a noticeable shift away from the kind of ransomware activity we had seen in the previous year or two,” said Sullivan.

“In the past few years, cybercriminals created numerous new ransomware variants, but that activity slowed after last summer. It seems the ransomware gold rush mentality has ended, although hardened extortionists continue to use ransomware, particularly against organisations. WannaCry revealed how vulnerable many companies remain,” he said.

The report added that while ransomware incidents were showing signs of decline, there was growing evidence that attacks were becoming more targeted towards corporate networks. This includes attempts to compromise organisations through exposed RDP ports.

SamSam ransomware

The SamSam ransomware family is known for this method and has already infected several US-based organisations, including the IT systems of the city of Atlanta in a recent attack.

According to Sullivan, several factors are driving this shift in criminal behaviour. “The rising value of bitcoin has made crypto mining more appealing and possibly less risky for cybercriminals.

Revenues from ransomware may also be falling as greater awareness has encouraged individuals and companies to maintain reliable backups, and as scepticism grows about whether criminals will actually decrypt data as promised.

Yet cybercriminals will always pursue easy opportunities, and they could return to ransomware if conditions become favourable again.”

Editor’s note: The image accompanying this article has been updated.