Sophos released its annual “State of Ransomware in India 2024” report. The findings show a decrease in the rate of ransomware attacks against Indian organisations from the 73% reported in last year’s study to 64% in this year’s. However, the impact on victims has intensified, with higher ransom demands and recovery costs compared to the previous year.
The State of Ransomware in India 2024 report findings are derived from an independent survey of 5,000 IT decision makers across 14 countries, including 500 respondents in India. The survey was conducted in January and February 2024, and respondents were asked to answer based on their experiences in the previous 12 months. For the first time, Indian organisations were found to be more likely to recover data by paying the ransom (65%) than using backups (52%). The average ransom demand was $4.8 million, with 62% of demands exceeding $1 million. The median ransom paid was $2 million.
Key findings from the India report include:
⦁ 44% of impacted computers on average were encrypted in attacks against Indian victims.
⦁ 34% of attacks included data theft in addition to encryption, slightly down from 38% the previous year.
⦁ Excluding ransom payments, the average cost to recover from an attack was $1.35 million.
⦁ 61% of victims were able to recover data within a week, up from 59% in 2022.
⦁ 96% reported the attack to authorities, with 70% receiving investigation assistance.
“Prevention remains the most cost-effective ransomware strategy. Having solid defense-in-depth cybersecurity with anti-ransomware capabilities, ensuring in-depth defense protection with 24/7 monitoring is critical. At the same time, it is equally important to develop response capabilities, and comprehensive backup and recovery measures,” said Sunil Sharma, Vice President, Sales, India and SAARC, Sophos. “Continually reviewing security posture and incident response plans will also greatly improve an organisation’s resilience against these relentless attacks.”
Additional key global findings from the report include:
⦁ Less than one quarter (24%) of those that pay the ransom hand over the amount originally requested, and 44% of respondents reported paying less than the original demand.
⦁ The average ransom payment came in at 94% of the initial ransom demand.
⦁ In more than four-fifths (82%) of cases, funding for the ransom came from multiple sources. Overall, 40% of total ransom funding came from the organisations themselves and 23% from insurance providers.
⦁ 94% of organisations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack, rising to 99% in both state and local government. In 57% of instances, backup compromise attempts were successful.
⦁ In 32% of incidents where data was encrypted, data was also stolen – a slight lift from last year’s 30% – increasing attackers’ ability to extort money from their victims.
John Shier, field CTO, Sophos, said, “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.”
Sophos recommends the following best practices to help organisations defend against ransomware and other cyberattacks:
⦁ Understand your risk profile, with tools such as Sophos Managed Risk, which can assess an organisation’s external attack surface, prioritise the riskiest exposures and provide tailored remediation guidance.
⦁ Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X.
⦁ Bolster your defenses with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider.
⦁ Build and maintain an incident response plan, make regular backups and practice recovering data from backups.