The recovery cost from the impact of a ransomware attack tripled in the last year in India — up from $1.1 million (over Rs 8 crore) in 2020 to $3.38 million (more than Rs 24.5 crore) in 2021 — as the country topped the list of 30 countries worldwide for ransomware attacks, a new report said on Tuesday.
The average ransom payment in India was $76,619 (over Rs 55 lakh). However, paying up often doesn’t pay off as Indian organizations that paid the ransom got back, on average, 75 percent of their data and only 4 percent got all their data back, according to ‘The State of Ransomware 2021’ report by global cybersecurity leader Sophos.
The findings showed that 67 percent of Indian organizations whose data was encrypted paid a ransom to get back their data — a slight increase on the previous year when 66 percent paid a ransom.
While the proportion of organizations hit by ransomware has declined compared to the previous year, Indian organizations are still far more likely to be hit than those in any other country surveyed, – Sunil Sharma, managing director-sales, Sophos India and SAARC.
“It is harder and more expensive for businesses to recover from these complex attacks, which can leave their operating budgets significantly affected,” he added.
The survey polled 5,400 IT decision makers in mid-sized organisations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, including 300 respondents in India.
The survey also found that 86 per cent of Indian organisations believe cyberattacks are now too complex for their IT team to handle on their own, compared to a global average of 54 per cent.
Additionally, the findings revealed that of the organisations in India not hit by ransomware in the last 12 months, the overwhelming majority (86 per cent) expect to become a target.
The top reason given for this (57 per cent) is that ransomware attacks are getting increasingly hard to stop due to their sophistication.
“The findings further highlight the brutal fact that paying a ransom to get data restored can be illusory,” Sharma said.
Nearly three quarters (72 per cent) of Indian organisations admitted that data had been encrypted in the most significant ransomware attack, down from 91 per cent in the previous year.