Indian companies paid Rs 8 crore on average to fix ransomware, says report

A new report on Tuesday said that Indian companies paid an ransom of more than Rs 8 crore on average to fix ransomware attacks.

82 percent of Indian companies were attacked in the last 12 months – a 15 percent increase from 2017, the report called ‘The State of Ransomware 2020’, run by global cyber security company Sophos. Ransomware is a form of malicious software that, according to, locks and encrypts a victim’s computer or device data and then demands a ransom to restore access.

Two ransomware organizations in India accepted two ransom money. The data was encrypted in 91 percent of attacks that successfully disbanded an organization in India. The average cost of addressing the impact of such an attack in India, including the decline of business, lost orders, operating costs and more, was a little over Rs 8 crore.

Delhi topped 85 percent of organizations in the national capital, with ransomware attacks in the last 12 months, followed by Bengaluru (83 percent) and Kolkata (81 percent).

Mumbai-based firms ranked fourth (81 percent), sixth ranked Chennai (79 percent) and organizations surveyed across 26 countries across six continents surveyed 5,000 IT decision makers, with Hyderabad ranked sixth and Hyderabad (74 percent). Finished seventh. .

According to Sophos chief research scientist Chester Wisniewski, the organization may feel intense pressure to pay the ransom to avoid harm.

“On the face of it, ransom payment seems to be an effective way of restoring data, but it is an illusion. Paying ransom makes little difference to the burden of recovery in terms of time and cost,” he said. said.

This may be because it is unlikely that there is a single magical decryption key that needs to be retrieved.

“Often, attackers can share multiple keys and using them to restore data can be a complicated and time-consuming affair,” Wisniewski said.

According to the report, only 8 percent of victims in India were able to stop the attack, compared to global data before their data was on average 24 percent.

Globally, the average cost of recovery is $ 1.4 million if organizations pay ransom and $ 730,000 if they do not.

Each organization in India paying the ransom got its own data back, although it was not always elsewhere.

“An effective backup system that enables organizations to restore encrypted data without paying attackers is business critical, but there are other important elements to consider if the company is really flexible for ransomware,” Wisniewski said.

Back to top button