AI-Driven Ransomware and Deepfake Attacks Surge in India

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

Over half of Indian organizations experienced ransomware attacks in the past year, with 71% reporting a rise in AI-driven phishing and deepfake impersonation attempts. These AI-enabled attacks led to significant data loss, ransom payments, and operational disruptions, making India one of the most targeted markets globally.[AI generated]

Why's our monitor labelling this an incident or hazard?

The article explicitly states that over half of Indian enterprises faced ransomware attacks, many of which were AI-driven, and that these attacks caused significant harm such as data encryption and ransom payments. The involvement of AI in phishing, deepfake impersonations, and ransomware attacks is clear, and the harms are realized, including data loss and operational disruption. Therefore, this qualifies as an AI Incident under the framework, as the AI system's use in attacks has directly led to harm to property and disruption of operations.[AI generated]

AI principles

AccountabilitySafetyRobustness & digital securityPrivacy & data governanceRespect of human rightsDemocracy & human autonomyHuman wellbeing

Industries

Digital security

Affected stakeholders

Business

Harm types

Economic/PropertyHuman or fundamental rights

Severity

AI incident

AI system task:

Content generation

Articles about this incident or hazard

Nearly half of Indian firms faced ransomware in 2024, says OpenText

2025-11-03

ETCISO.in

Why's our monitor labelling this an incident or hazard?

More than half of Indian enterprises faced ransomware attacks: survey

2025-11-03

The Hindu

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions AI-driven phishing and deepfake attempts as part of ransomware and cyberattacks affecting Indian enterprises. These AI systems are used maliciously to cause harm, including data encryption, theft, and impersonation, which are direct harms to organizations' property and operational integrity. The widespread occurrence and impact of these attacks meet the criteria for an AI Incident, as the AI system's use has directly led to harm. The article does not merely discuss potential risks or responses but reports on actual incidents and their consequences.

Over 50% Indian companies hit by ransomware in past year

2025-11-03

NewsBytes

Why's our monitor labelling this an incident or hazard?

The report explicitly links AI to the increase in ransomware and phishing attacks, including deepfake impersonations, which have directly harmed organizations by encrypting or stealing data and causing operational disruptions. The harms fall under injury to property and disruption of operations. The AI systems are involved in the use (malicious use) in cyberattacks, fulfilling the criteria for an AI Incident. The description of actual harm occurring (data loss, complex ransomware incidents) confirms this is not merely a potential hazard or complementary information.

Nearly half of Indian organisations experienced at least one ransomware attack in the past year - highlights OpenText cybersecurity 2025 ransomware - Express Computer

2025-11-04

Express Computer

Why's our monitor labelling this an incident or hazard?

The article explicitly mentions AI-driven phishing and deepfake attacks that have been actively used against Indian organisations, causing real harm including data encryption, ransom payments, and impersonation. These harms fall under injury to property and harm to organisations and communities. The AI involvement is in the use of AI systems to conduct these attacks, which have directly led to these harms. Hence, this is an AI Incident rather than a hazard or complementary information.