The ransomware situation in India is worrying

As many as 78% of Indian organisations were hit with ransomware in 2021, up from 68% in 2020, and some of the entities paid over Rs 76 crore as ransom to get their data back, cybersecurity firm Sophos said in the report. As per the report, the average ransom paid by Indian organizations that had data encrypted in their most significant ransomware attack was USD 1,198,475 (around Rs 9 crore) with 10 percent of victims paying ransoms of USD 1 million or more and some 10% of victims paid ransoms of $1 million or more. Three companies in the survey admitted to having paid a ransom of USD 10 million and more to get back their data and keep it safe.

The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost. The survey covered the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, including 300 in India. The report found that 78 percent of organizations that had data encrypted in a ransomware attack paid the ransom in 2021 and it was the highest rate of ransom payment reported across all 31 countries surveyed.

Ransomware attacks include attackers sending malware to your phones and other devices, which then proceeds to infect your devices and servers, eventually locking you out of them and preventing any access to your files and data. At this point attackers usually demand a ransom in exchange for getting access to your files again. While the average expense of recovering from an incident declined to USD 2.8 million from USD 3.4 million in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms.

In 2021, the percentage of victim organisations directly impacted by ransomware increased from 68 to 78 per cent. Ransomware isn't something that might happen, it is something that will happen if you haven't taken the precautions necessary, the report reveals. According to the survey, 97 percent of organizations said the attack had impacted their ability to operate, and 92 per cent of the victims said they had lost business or revenue because of the attack.

The report further states,78 per cent of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups. Sophos advises to Install and maintain high-quality defences across all points in the organization’s environment. Review security controls regularly and makes sure they continue to meet the organization’s needs.

S Mohini Ratna, Editor, VARINDIA