Nearly 64%t of Indian organisations surveyed were hit by ransomware attacks in 2023, a latest report by Sophos said on Tuesday, noting that while the attack rates fell year-on-year, the impact on victims actually intensified. The average ransom demand was $4.8 million, with 62% of demands exceeding $1 million.
The median ransom paid was $2 million, the report by the global cybersecurity solutions provider said.
Put simply, ransomware refers to malicious software or malware that seizes files on a computer, network share, backups, and server, and encrypts them, following which the attacker exhorts the user to cough up money to unlock the files.
Typically, ransomware attacks come with a timeline, threatening users that if ransomware demands are not fulfilled, the users will lose files.
According to the 'State of Ransomware in India 2024' report by Sophos, there has been a decrease in the rate of ransomware attacks against Indian organisations from the 73% reported in last study (2022) to 64% in 2023.
Notably though, 'the impact on victims has intensified, with higher ransom demands and recovery costs compared to the previous year'.
The findings are derived from an independent survey of 5,000 IT decision makers across 14 countries, including 500 respondents in India.
Conducted in January and February 2024, respondents were asked to answer based on their experiences in the previous 12 months.
For the first time, Indian organisations were found to be more likely to recover data by paying the ransom (65%) than using backups (52%).
The report revealed that 44% of impacted computers on an average were encrypted in attacks against Indian victims.
'Thirty four per cent of attacks included data theft in addition to encryption, slightly down from 38 per cent the previous year. Excluding ransom payments, the average cost to recover from an attack was $1.35 million,' Sophos said in a release.
As per the report, 61% of victims were able to recover data within a week, up from 59% in 2022. As many as 96% reported the attack to authorities, with 70% receiving investigation assistance.
'Prevention remains the most cost-effective ransomware strategy,' Sunil Sharma, Vice President, Sales, India and SAARC, Sophos said.