Seven out of ten (78 per cent) Indian organisations were hit with ransomware attacks last year, up from 68 per cent in 2020.
The average ransom paid by the Indian organisations that had data encrypted in their most significant ransomware attack was $1,198 475, with 10 per cent of victims paying ransoms of $1 million or more, according to cybersecurity firm Sophos.
“The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost,” said Sunil Sharma, Managing Director, Sales, India and SAARC Sophos.
He further added that while the average expense of recovering from an incident declined to $2.8 million from $3.4 million in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms.
Seventy-eight per cent of the Indian organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups. It took on average one month to recover from the damage and disruption.
According to the ‘State of Ransomware 2022’ report, 97 per cent of organisations said the attack had impacted their ability to operate, and 92 per cent of the victims said they had lost business and/or revenue because of the attack.
“Nearly 89 per cent of mid-sized organisations had cyber insurance that covers in the event of a ransomware attack and in 100 per cent of incidents, the insurer paid some or all the costs incurred,” the finding explained.
“A considerable number of Indian victims are prepared to pay more than $1 million, but even ransom payments of a few thousand dollars are a good return for the crooks,” said Sharma.
According to reports, The Indian Computer Emergency Response Team (CERT-In) reported more than 2.12 Lakhs cybersecurity incidents this year (till February).
In comparison, the CERT-In reported more than 14.02 Lakhs cybersecurity-related incidents in total last year.