More than seven in 10 (78 per cent) of Indian organisations were hit with ransomware attacks last year, up from 68 per cent in 2020, a new report showed on Wednesday.
The average ransom paid by the Indian organisations that had data encrypted in their most significant ransomware attack was $1,198,475, with 10 per cent of victims paying ransoms of $1 million or more, according to cybersecurity firm Sophos.
"The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost," said Sunil Sharma, managing director, sales, India and SAARC, Sophos.
"While the average expense of recovering from an incident declined to $2.8 million from $3.4 million in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms," Sharma said in a statement.
Seventy-eight per cent of the Indian organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.
On average, it took one month to recover from the damage and disruption.
According to the 'State of Ransomware 2022' report, 97 per cent of organisations said the attack had impacted their ability to operate, and 92 per cent of the victims said they had lost business and/or revenue because of the attack.
"Nearly 89 per cent of mid-sized organisations had cyber insurance that covers them in the event of a ransomware attack and in 100 per cent of incidents, the insurer paid some or all the costs incurred," the findings showed.
"A considerable number of Indian victims are prepared to pay more than $1 million, but even ransom payments of a few thousand dollars are a good return for the crooks," said Sharma.