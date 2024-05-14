Ransomware attacks against Indian organisations dropped to 64 per cent this year from 73 per cent reported last year, according to a cybersecurity solutions provider Sophos study. The annual 'State of Ransomware in India 2024' report released by the firm further stated that while the number of firms may have gone down, the impact on victims has grown more severe, with heightened ransom demands and recovery costs compared to the prior year.

Sophos' survey is derived from an independent survey of 5,000 IT decision-makers across 14 countries, including 500 respondents in India. The findings reflect experiences collected between January and February 2024, where respondents were asked to respond based on the last 12 months.

Indian firms more likely to recover data by paying ransom demands

For the first time, Indian organisations were found to be more inclined to recover data by paying the ransom (65 per cent) rather than utilising backups (52 per cent). The average ransom demand stood at $4.8 million, with 62 per cent exceeding $1 million and a median ransom payment of $2 million.

The average recovery cost for data in India is $1.35 million

Around 44 per cent of impacted computers were encrypted in attacks against Indian victims, with 34 per cent of attacks involving data theft in addition to encryption.

Excluding ransom payments, the average recovery cost was $1.35 million, and 61 per cent of victims restored data within a week, an increase from 59 per cent in 2022.

Moreover, 96 per cent reported the attack to authorities, with 70 per cent receiving investigation assistance.

Global trends of ransomware attacks

Global findings from the report found that only 24 per cent of ransom payers remit the originally requested amount, with 44 per cent paying less than the initial demand. The average ransom payment equated to 94 per cent of the initial demand.

In over 80 per cent of cases, ransom funding came from various sources, with organisations covering 40 per cent and insurance providers 23 per cent.

Additionally, 94 per cent of organisations hit by ransomware reported attempts to compromise their backups, successful in 57 per cent of cases.

In 32 per cent of incidents involving data encryption, data theft also occurred, enhancing attackers' ability to extort victims.

Best practices to defend against ransomware and other cyber threats

The report highlights the urgent need for robust cybersecurity measures and proactive defence strategies to combat evolving ransomware threats. Here are some methods recommended by Sophos to enhance cybersecurity:

Understand risk profile: Utilise tools to assess an organisation's external attack surface. Implement endpoint protection: Deploy endpoint protection solutions designed to thwart various ransomware techniques. Enhance defences with threat detection: Strengthen security posture with continuous threat detection, investigation, and response capabilities. Develop an incident response plan: Establish and maintain an incident response plan outlining the steps to be taken in the event of a security breach. Regularly back up critical data and conduct drills to practice data recovery from backups, ensuring preparedness for potential incidents.

Commenting on the report's findings, Sunil Sharma, vice president of sales in India, Sophos, said, "Prevention remains the most cost-effective ransomware strategy. Solid defence, in-depth cybersecurity with anti-ransomware capabilities and ensuring in-depth defense protection with 24/7 monitoring are critical. At the same time, it is equally important to develop response capabilities and comprehensive backup and recovery measures."