Around 78 per cent of Indian organisations surveyed were hit by ransomware in 2021 and some of the entities paid over Rs 76 crore as ransom to get their data back, cybersecurity firm Sophos said in a report.
According to the report, the average ransom paid by Indian organizations that had data encrypted in their most significant ransomware attack was USD 1,198,475 (around Rs 9 crore) with 10 per cent of victims paying ransoms of USD 1 million or more.
The survey found that 48 per cent of Indian firms paid less than USD 5,000, while 10 per cent paid USD 1 million or more.
Three companies in the survey admitted to having paid a ransom of USD 10 million and more to get back their data and keep it safe.
“The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost," Sophos, managing director for sales in India and SAARC Sunil Sharma said.
The survey covered the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, including 300 in India.
The report found that 78 per cent of organizations that had data encrypted in a ransomware attack paid the ransom in 2021 and it was the highest rate of ransom payment reported across all 31 countries surveyed.
"While the average expense of recovering from an incident declined to USD 2.8 million from USD 3.4 million in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms.
"In 2021, the percentage of victim organisations directly impacted by ransomware increased from 68 to 78 per cent. Ransomware isn't something that might happen, it is something that will happen if you haven't taken the precautions necessary," Sharma said.
According to the survey, 97 per cent of organizations said the attack had impacted their ability to operate, and 92 per cent of the victims said they had lost business or revenue because of the attack.
"78 per cent of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups," the report said.