Nearly 73% of Indian firms were targeted by ransomware last year: Report

Nearly three fourth (73%) of Indian organisations were hit by ransomware last year, up from 57% in 2021, according to cybersecurity firm Sophos’ annual “State of Ransomware” report, released on Wednesday. In comparison, 66% of global companies said that their organisation had experienced a ransomware attack in the last twelve months.

The report found that exploited vulnerabilities (35%) and compromised credentials (33%) were the most common causes of attacks. 

Last month, India’s nodal cybersecurity agency Computer Emergency Response Team (CERT-IN) also warned that ransomware attacks in India have increased by 53% in 2022. 

According to recent news reports, critical infrastructure providers especially healthcare, oil and defence-related firms are increasingly being targeted. 

For instance, in November 2022, top public hospital AIIMS Delhi was targeted by a ransomware attack that disrupted most of its online services for over two weeks. In January, a Nagpur-based Solar Industries Limited (SIL), which makes industrial and defence explosives and counts Indian Army among its customers, was reportedly targeted by a ransomware attack. 

Further, Sophos report shows that 44% of companies in India that found their data encrypted by hackers decided to pay the ransom as compared to 78% in the previous year. 

In terms of ransom paid, 66% of organisations said that they paid less than $100,000, while 29% paid between $100,000 and $499,999. The mean ransom payment by Indian firms was $194,400 while the global average ransom payment was $1,542,330. 
Even if the amount of ransom paid by organisations is not significant, they end up losing a significant amount of revenue due to business downtime, manpower costs, network costs, and loss of customers. 

According to the Sophos report, Indian organisations incurred an average bill of $1.03 million after a ransomware attack. Around 85% of organisations in the private sector reported loss of business/revenue after a ransomware attack, the report showed. 

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Chester Wisniewski, field CTO at Sophos.

Also, the report showed that in 38% of ransomware attacks in India, data was stolen. Ransomware groups are increasingly using this new strategy to pressurise organisations into paying ransoms. If the target refuses to pay, the stolen data is sold on dark web marketplaces.

Security experts believe that ransomware attacks will proliferate this year due to a new business model called Ransomware-as-a-service (RaaS) offered by seasoned cybercriminals.  

RaaS allows cybercriminals to rent out ransomware to other criminals. This has made it much easier to launch ransomware attacks, as they do not need to have the technical expertise to develop their own ransomware.