In 2021, over 78 per cent of the Indian organisation were hit with ransomware attacks, up by 68 per cent in 2020, said a new report by Sophos, a cybersecurity firm. The average ransom paid by Indian organisations to get their data encrypted was $1.2 million, with 10 per cent of victims paying a ransom of $1 million or more.
“The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost,” said Sunil Sharma, managing director, sales, India and SAARC, Sophos.
Ransomware attacks include attackers sending malware to your phones and other devices, which then proceeds to infect your devices and servers, eventually locking you out of them and preventing any access to your files and data. At this point attackers usually demand a ransom in exchange for getting access to your files again.
According to Sophos, 78 per cent of the organisations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.
“While the average expense of recovering from an incident declined to $2.8 million from $3.4 million in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms. In 2021, the percentage of victim organisations directly impacted by ransomware increased from 68 per cent to 78 per cent. Ransomware isn’t something that might happen, it is something that will happen if you haven’t taken the precautions necessary.”
Almost 89 per cent of mid-sized organisations had cyber insurance that covers them in the event of a ransomware attack – and, in 100 per cent of incidents, the insurer paid some or all the costs incurred. “94 per cent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection,” the company said in its press release.
Sophos recommends the following practices to help defend against ransomware and related cyberattacks:
#Install and maintain high-quality defences across all points in the organization’s environment. Review security controls regularly and makes sure they continue to meet the organization’s needs.
#Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in house, outsource to a Managed Detection and Response (MDR) specialist.
#Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc.
#Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.
#Make backups and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption.