A report by cybersecurity solutions vendor Sophos revealed that ransomware attacks against Indian organisations decreased to 64% this year from 73% recorded last year.
As per the company's yearly 'State of Ransomware in India 2024' report, victims are facing more severe consequences, including higher ransom demands and recovery expenses in comparison to the previous year, despite a decrease in the number of impacted organisations.
An independent study of 5,000 IT decision-makers in 14 countries, 500 of whom were in India, provided the basis for Sophos' survey. Responses based on the previous 12 months were requested from respondents, and experiences gathered between January and February of 2024 are reflected in the findings.
Indian firms paying ransom
For the first time, Indian organisations were found to be more likely to restore data by paying the ransom (65%) than by using backups (52%). The average ransom demand was $4.8 million, with 62% above $1 million, while the median ransom payment was $2 million.
In attacks against Indian victims, around 44% of impacted devices were encrypted, with 34% of attacks also involving data theft. Excluding ransom payments, the average recovery cost was $1.35 million, and 61% of victims recovered data within a week, up from 59% in 2022. Furthermore, 96% reported the attack to authorities, and 70% received investigation support.
Global trends
According to the report's global statistics, just 24% of ransom payers pay the original required sum, with 44% paying less. The average ransom payment equaled 94 percent of the first demand. Ransom financing came from a variety of sources in more than 80% of cases, with groups contributing 40% and insurance carriers covering the remaining 23%.
Precaution tips
The report emphasises the critical necessity for robust safety precautions and proactive defence plans to combat increasing ransomware threats. Sophos recommends the following strategies to improve cybersecurity:
Understand the risk profile: Employ tools to evaluate an organisation's external attack surface.
Implement endpoint protection: Use endpoint protection technologies to combat various ransomware strategies.
Enhance defences with threat detection: Continually monitor, investigate, and respond to threats to strengthen security posture.
Create an incident response strategy: Identify the actions to be performed in the case of a security breach and create and maintain an incident response strategy. Make sure you are ready for any eventuality by regularly backing up important data and practicing data recovery from backups through exercises.