Indian firms faced more ransomware attacks than any other country in 2021, report

Indian firms have been facing a growing number of ransomware attacks over 2021, as cybercriminals try to compromise their infrastructure to crack larger companies. According to a survey by American security firm CrowdStrike and market research firm Vanson Bourne, almost half (49%) of organizations in India suffered multiple ransomware attacks, while 76% were hit by at least one ransomware attack in the last 12 months. This is more than any other country, the December 7 report said.

Interestingly, many Indian companies even caved to extortion demands of attackers to avoid an attack. The report found that 27% of Indian companies had paid extortion fees of $500,000 to $1 million. As a result, India accounted for the highest average extortion fee payment ($ 1.128 million) on top of ransom. The report said that the average ransom amount paid by Indian companies was $2.92 million, while 26% of Indian companies even paid a ransom of $5 million to $10 million.

“Cyberattacks are increasing globally and we're seeing a similar trend in India,” said Mark Goudie, APJ services director at CrowdStrike.

India has seen a massive increase in the adoption of IT and digital technologies in response to the pandemic-led disruption and shift to remote and hybrid work models. Last week, global research firm Gartner also predicted that Indian companies will spend over $100 billion on information technology (IT) infra. Security researchers have said that the shift to remote and hybrid work have expanded the "attack surface" and made Indian companies easy targets for ransomware attackers. Attack surface is the total number of points of entry for a hacker.

Goudie pointed out that while covid-19 has created fertile ground for threat actors to capitalise on security vulnerabilities, the attacks are growing even after the second year of the pandemic. “Much of this is down to threat actors evolving their tactics, techniques and procedures (TTP) but also due to organisations still relying on legacy security solutions that are just not fit for purpose,” he added. 

He warned that Indian organizations have limited access to threat intelligence, which is exacerbating the problem. Investment in threat intelligence and threat hunting services can help mitigate the risks, he added. Threat intelligence is the information an organization has to pre-empt cyber-attacks, while threat hunting is the process of actively seeking out bugs and other pain points in IT infra.

On the brightside, Indian companies feel they are prepared to deal with future ransomware attacks. The CrowdStrike report shows that 60% of Indian companies have a comprehensive strategy in place to coordinate a response, while 72% said they have confidence in their IT security, which is the highest globally too. 

Even though 31% of Indian companies have paid the ransom and 49% have tried to negotiate with attackers, a significant number of them have also tried to improve their security after an attack. The report found that 63% upgraded their security team while 67% upgraded the security software to protect against future attacks. 

However, most Indian companies are still wary of their supply chain partners and their security posture. According to the CrowdStrike report, 63% of Indian companies said they have lost trust in a new or existing supplier in the last 12 months while 83% agreed to readdress the supply chain policy after the Solarwinds attacks. 

Attackers are increasingly going after supply chain networks as their growing complexity makes it harder to mitigate all risks. Solarwinds and Kaseya are some of the prominent software suppliers that were targeted this year by attackers to target their high-profile clientele. 

Apart from ransomware attacks and supply chain issues, Indian companies also expressed concerns over identity-based compromises including password and credential thefts (49%), followed by Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) attacks (46%) and general malware (41%). 

The survey was conducted between September and November 2021, and a total of 2,200 senior IT decision-makers and IT security professionals from medium and large private and public sector companies were interviewed. Around 300 of them were from Indian companies.