It was a regular Monday morning at a mid-sized manufacturing company in western India.
The plant was running at full capacity. Orders were lined up. Trucks were waiting at the gate, waiting to be loaded.
Suddenly the systems started freezing. First the ERP went down. Then the production dashboards stopped updating. Within minutes, machines dependent on central systems came to a halt. A message appeared on a screen in the control room.
“Your data has been encrypted. Pay to restore access.”
Panic and urgency were everywhere. Very few knew what was happening. Urgent emergency meeting of the CEO, CFO, CIO, was called out. It was evident that ransomware incident had happened, and no one knew how to handle it.
The one major question in everyone mind was “How long before the operations are up again?
India’s digital transformation has been fast and ambitious. Cloud adoption, automation, remote access, and connected infrastructure have become the norm across sectors like manufacturing, BFSI, healthcare, logistics, and government services.
But security has often taken a back seat.
Legacy systems running alongside modern cloud workloads
Flat networks with limited segmentation
Backup strategies that exist on paper but fail in real crises
Security ownership buried deep within IT teams
And guess what? Ransomware groups know this shortcoming. India naturally becomes a high-value target because major operations are getting digital, downtime is expensive, and response mechanism is quite fragmented
Leadership realised that ransomware attacks today are not just about encrypting files. They are target business disruption campaigns, and they realise that the impact is no longer hypothetical but a but a direct threat to business continuity.
Revenue loss per hour of downtime is measurable
Regulatory exposure under India’s data protection framework is real
Brand trust erodes quickly when customer data is compromised
Ransom payments raise legal, ethical, and compliance concerns
When factories stop, hospitals divert patients, or financial services freeze transactions, leadership accountability becomes unavoidable.
A ₹800 crore auto components manufacturer had invested heavily in automation. Major production systems were connected to central IT for real-time reporting and efficiency.
What they had NOT invested in was segmentation between IT and OT environments.
An employee unknowingly clicked on a phishing email that looked like a vendor invoice. The attacker gained access to the corporate network. From there, they moved laterally into production systems.
Within a few hours:
Design files were encrypted
Production control servers were locked
Backups were found to be connected and compromised
The ransom demand was significant. Paying it was risky. Not paying it meant weeks of downtime.
The company chose recovery.
It took 18 days to restore partial operations. Losses crossed ₹30 crore. One can only imagine how long it took to build the customer confidence back.
And surprisingly, the board’s first question after recovery was not “How do we fix IT?”, but “How do we make sure this never happens again?”
The most important question after the incident was not about tools. It was about resilience.
Leaders realised that reframing security as a business continuity strategy, was the need of the hour.
They started to ask :
Is it possible to isolate critical systems if something goes wrong
Are backups protected, tested, and recoverable under pressure
Do we have visibility across cloud, data center, and edge environments
How fast can we recover and resume operations
And that’s where infrastructure design started to matter as much as detection.
Resilience today is built into the platform, not added after a breach.
Secure cloud architectures with segmented networks, immutable backups, zero trust access, and 24x7 monitoring help limit attack radius and speed up recovery. Managed security and cloud operations ensure that these controls are not just deployed, but continuously validated.
The goal is simple. Even if an attack succeeds, the business keeps moving.
Ransomware has changed the security conversation in India. In a digital-first economy, infrastructure security is no longer an IT line item. It is a leadership decision.
© Copyright 2023 Esconet Technologies Ltd.