73% Of Indian Organisations Hit By Ransomware Attacks Last Year: Report

Even as the technology sector continues to evolve and cyberspace grows bigger, the threat landscape continues to automatically widen too, and customer and financial data is increasingly at risk of being compromised by malicious agents.

This trend is reflected in the annual report, State of Ransomware 2023, by U.K.-based cybersecurity company Sophos, which shows that 73% of Indian organisations reported they were victims of ransomware attacks in 2022. The rate is significantly higher than 57% reported the previous year. The rate of ransomware attacks in India is also higher than the global average of 66%, according to the report.

The report is based on a recent independent survey conducted by Sophos, which took inputs from IT and cybersecurity leaders from mid-sized organisations from 14 countries, including 300 respondents from India.

The report also shows the root causes and outcomes from the ransomware attacks. The most common cause was found to be exploited vulnerability (in 35% of cases), followed by compromised credentials (in 33% of cases). As to consequences, in 77% of global ransomware attacks against the organisations surveyed, hackers were successful in data encryption, which was slightly lower than the 80% reported the previous year.

"Although dipping slightly from the previous year, the rate of encryption remains high at 77%, which is certainly concerning," said Chester Wisniewski, field chief technology officer at Sophos.

According to the report, the education sector was the worst hit globally. Of the higher and lower education organisations surveyed, 79% and 80%, respectively, reported that they were hit by ransomware attacks.

In a positive finding, 44% of organisations paid the ransom to retrieve their data from hackers, a significant drop from 78% the previous year. Larger organisations were found to be more inclined to pay the ransom because they may have standalone cyber insurance policy that covers ransom payments.

Ransomware is a type of malware attack in which hackers usually lock and encrypt sensitive data or critical files of an organisation or user, threatening to block access to it, make it public or hold it hostage unless a ransom is paid. To avoid data leaks and restore access, a lot of organisations end up paying the ransom.

The report also found that when organisations paid a ransom for data decryption, they ended up additionally doubling their recovery costs ($750,000 in recovery costs versus $375,000 for organisations that employed backups to get their data back).

The report comes in the wake of other findings that show the ever-expanding threat landscape in Indian cyberspace, along with a number of recent breaches of enterprise and government data. In the January to March quarter, India has reportedly witnessed an 18% year-on-year jump in weekly cyberattacks, averaging 2,108 attacks per organisation during the period.

A number of data breaches have also been reported in the country in the recent past. In the latest ransomware attack, the Indian Insurance Information Bureau, which maintains a repository of insurance-related data, reported to the Cyberabad police that alleged hackers with a Russian IP address encrypted their data, making it inaccessible, and demanded bitcoins worth $250,000.  

In March, the Ministry of Health's website was targeted by hackers, who claimed they had access to sensitive information on hospitals, patients, and staff. In the same month, reports surfaced about a subsidiary of HDFC Bank Ltd. suffering a data leak from one of its service providers after a hacker posted sample customer data on a hacker forum.

According to experts, an emerging threat also includes cyber criminals resorting to harvest-now-decrypt-later attacks. In HNDL attacks, malicious agents may harvest encrypted enterprise data with the hopes of quantum computing becoming functional and allowing them to decrypt the harvested data for future use.