India Tops List of 30 Countries Worldwide for Ransomware Attacks, With 68% of the Organisations Surveyed Hit, Sophos’ Global Survey Shows
Sophos “State of Ransomware 2021” Reveals that the Average Cost to Recover from a Ransomware Attack in India has Tripled from $1.1 Million in 2020 to $3.38 Million in 2021
Key survey findings for India:
· 68% of Indian orgnisations surveyed were hit by ransomware in the last 12 months, down from 82% the previous year
· Nearly three quarters (72%) of Indian organisations admitted that data had been encrypted in the most significant ransomware attack, down from 91% in the previous year
· 67% of Indian organisations paid a ransom to get their data back, double the global average of 32%
· However, organisations in India that paid the ransom got back on average only 75% of their data
· The approximate cost for an organisations to recover from the impact of a ransomware attack increased threefold in the last 12 months, from $1.1 million in 2020 to $3.38 million in 2021
· Of the organisations in India not hit by ransomware in the last 12 months, the overwhelming majority (86%) expect to become a target. The top reason given for this belief (57%) is that ransomware attacks are getting increasingly hard to stop due to their sophistication
· 86% of Indian organisations believe cyberattacks are now too complex for their IT team to handle on their own, compared to a global average of 54%
MUMBAI, NFAPost: Sophos, a global leader in next-generation cybersecurity, announced the findings of its global survey, “The State of Ransomware 2021,” which reveals that the average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from $761,106 in 2020 to $1.85 million in 2021 globally.
In comparison, the survey found that in India, the approximate recovery cost from the impact of a ransomware attack tripled in the last year, up from $1.1 million in 2020, to $3.38 in 2021.
Furthermore, the survey findings also show that 67% of Indian organisations whose data was encrypted paid a ransom to get back their data – a slight increase on the previous year when 66% paid a ransom.
In fact, Indian organisations were the most likely to pay a ransom of all countries surveyed: the global average was just under one-third (32%). The average ransom payment in India was US$76,619.
However, paying up often doesn’t pay off: Indian organisations that paid the ransom got back, on average, 75% of their data (compared to a global average of 65%) and only 4% got all their data back.
The survey polled 5,400 IT decision-makers in mid-sized organisations in 30 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, including 300 respondents in India.
The survey also found that 86% of Indian organisations believe cyberattacks are now too complex for their IT team to handle on their own, compared to a global average of 54%.
Additionally, the findings revealed that of the organisations in India not hit by ransomware in the last 12 months, the overwhelming majority (86%) expect to become a target. The top reason given for this (57%) is that ransomware attacks are getting increasingly hard to stop due to their sophistication.
Sophos India and SAARC managing director – sales Sunil Sharma said while the proportion of organisations hit by ransomware has declined compared to the previous year, Indian organisations are still far more likely to be hit than those in any other country surveyed.
“This could be due to the high level of domestic ransomware in India, as seen by SophosLabs, leading to a situation where Indian adversaries are targeting Indian organisations. Furthermore, while the drop in attacks is welcome, it reflects, at least in part, changes in attacker behaviors,” said Sunil Sharma.
At Sophos, Sunil Sharma said the company has seen attackers switching to more targeted attacks that include human hands-on-keyboard hacking in order to bypass an organisation’s defenses. “It is harder and more expensive for businesses to recover from these complex attacks, which can leave their operating budgets significantly affected,” said Sunil Sharma.
“The findings further highlight the brutal fact that paying a ransom to get data restored can be illusory,” added Sunil Sharma.
Sunil Sharma said using decryption keys to recover information can be complicated as there is no guarantee of success. “Examples such as the recent DearCry and Black Kingdom attacks show that attacks launched with low quality or hastily compiled code and techniques could make data recovery difficult, if not impossible,” said Sunil Sharma.
Sophos official also said ransomware attacks are not going away and it is more important than ever to protect against the attackers’ malicious maneuvers.
“If organisations are attacked they don’t need to face this challenge alone. Support is available 24/7 in the form of external security operations centers, human-led threat hunting and incident response services,” said Sunil Sharma.
Sophos recommends the following six best practices to help defend against ransomware and related cyberattacks:
1. Assume you will be hit. Ransomware remains highly prevalent. No sector, country or organisations size is immune from the risk.
2. Make backups and keep a copy offline. Backups are the main method used by the organisations surveyed to recover their data. Opt for the industry-standard approach of 3:2:1 (three sets of backups, using two different media, one of which is kept offline)
3. Deploy layered protection. As more ransomware attacks also involve extortion, it is more important than ever to keep adversaries out in the first place. Use layered protection to block attackers at as many points as possible across an estate
4. Combine human experts and anti-ransomware technology. The key to stopping ransomware is defense in depth that combines dedicated anti-ransomware technology and human-led threat hunting. Technology provides the scale and automation an organisations needs, while human experts are best able to detect the tell-tale tactics, techniques and procedures that indicate an attacker is attempting to get into the environment. If you don’t have the skills in house, look at enlisting the support of a specialist cybersecurity company – Security Operation Centers (SOCs) are now realistic options for organisations of all sizes
5. Don’t pay the ransom. Easy to say, but far less easy to do when an organisations has ground to a halt due to a ransomware attack. Independent of any ethical considerations, paying the ransom is an ineffective way to get data back. If you do decide to pay, bear in mind that the adversaries will restore, on average, only around three-quarters of your files
6. Have a malware recovery plan. The best way to stop a cyberattack from turning into a full breach is to prepare in advance. Organisations that fall victim to an attack often realize they could have avoided significant financial loss and disruption if they had an incident response plan in place
The State of Ransomware 2021 survey was conducted by Vanson Bourne, an independent specialist in market research, in January and February 2021. The survey interviewed 5,400 IT decision-makers in 30 countries, in the US, Canada, Brazil, Chile, Colombia, Mexico, Austria, France, Germany, the UK, Italy, the Netherlands, Belgium, Spain, Sweden, Switzerland, Poland, the Czech Republic, Turkey, Israel, UAE, Saudi Arabia, India, Nigeria, South Africa, Australia, Japan, Singapore, Malaysia, and the Philippines. All respondents were from organisations with between 100 and 5,000 employees.