Ransomware attacks on Indian organizations saw a dip of 9% in 2023 even though their financial impact has intensified with a significant increase in ransom demand and recovery cost, according to a new report by cybersecurity firm Sophos.
Sophos’ "State of Ransomware in India 2024" report, released May 14, shows that 64% of Indian organizations were hit by ransomware last year, down from 73% in 2022. Though the frequency of attacks declined, the cost of recovering from an attack is on the rise. The average cost incurred by Indian firms in data recovery, even without paying a ransom, was $1.35 million.
While efficiency of data recovery improved slightly, with 61% of firms recovering data within a week compared to 59% in 2022, a concerning trend is emerging. It was found that for the first time, more Indian firms (65%) opted to pay the ransom to regain access to their data, compared to those firms that turned to backups (52%).
This shift in strategy also coincides with a significant increase in average ransom demands. Sophos found the average ransom demanded from Indian firms soared to $4.8 million in 2023, while the median ransom paid was $2 million.
The findings of the report are based on interviews with 5,000 IT decision makers across 14 countries, including 500 in India. The interviews were conducted between January and February 2024.
In terms of the global impact of ransomware attacks, the report found that 59% of organizations were targeted last year as compared to 66% in the previous two years. France reported the highest level of ransomware attacks, followed by South Africa and Italy. Exploited vulnerabilities (36%), compromised credentials (29%), and malicious emails (23%) were identified as the top three causes leading to the attack.
The report further shows that attackers tried to compromise the backups of 94% of organizations after targeting them with ransomware, and in 57% of cases they were successful in their attempts. Also, 32% of firms said that their data was stolen by attackers.
John Shier, field CTO at Sophos, cautions firms that the dip in ransomware attacks should not lead to complacency.
“Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks,” said Shier.
He added that the ransomware landscape offers something for every cybercriminal. “While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.”
It was also found that attackers are often open to negotiations and in many instances are willing to take a lower ransom payment. The report shows that 44% of firms paid less than what was originally asked, but 31% also paid more than the original ask.