A significant proportion of Indian businesses had ransomware attacks in 2023: Sophos

Sixty-two percent of ransom requests exceeded one million dollars, with an average demand of USD 4.8 million.

According to a recent Sophos research released on Tuesday, ransomware attacks affected over 64% of Indian organizations polled in 2023. The analysis also noted that while the attack frequencies decreased year over year, the effect on victims actually worsened.

Sixty-two percent of ransom requests exceeded one million dollars, with an average demand of USD 4.8 million.

According to the research by the international cybersecurity solutions company, the average ransom paid was USD 2 million.

In a nutshell, ransomware is malicious software or malware that encrypts information on a computer, network share, backup drive, or server and then demands payment from the user in order to release the contents.

Ransomware assaults usually have a deadline attached to them, warning victims that their data will be lost if the ransomware's demands are not met.

As to the 'State of Ransomware in India 2024' research published by Sophos, the percentage of ransomware attacks against Indian organizations has decreased from 73% in the previous study (2022) to 64% in 2023.

Interestingly, "the impact on victims has intensified, with higher ransom demands and cost of recovery compared to the previous year" .

The results come from an impartial study that included 500 respondents in India and 5,000 IT decision makers from 14 other nations.

Respondents were asked to base their responses on their experiences from the preceding year in a survey that was conducted in January and February of 2024.

For the first time, it was discovered that Indian organizations had a higher likelihood of recovering data by paying the ransom (65%) as opposed to employing backups (52%).

According to the research, assaults on Indian victims resulted in an average of 44% of damaged machines being encrypted.

"Data theft was included in 34% of assaults in addition to encryption, which is a tiny decrease from 38% the year before. The average cost to recover from an assault, excluding ransom payments, was USD 1.35 million, according to a statement from Sophos.

The research states that, compared to 59% in 2022, 61% of victims were able to retrieve their data in less than a week. Up to 96% of those who reported the incident to the police also received help with their investigations.

"The most economical approach to preventing ransomware attacks is still prevention," said Sunil Sharma, Vice President of Sales for Sophos in India and SAARC.