82% of Indian firms hit by ransomware attacks in a year: Report
More than 80% of Indian organisations had experienced a significant ransomware attack in the previous 12 months, compared to 67% in 2017, a report by cybersecurity firm Sophos Tuesday said.
Despite the data being encrypted, it was breached in 91% of the cases and 66% of the organisations hit by ransomware admitted paying the ransom.
The average cost of addressing the impact of such an attack in India amounts to more than Rs 80,270,000, said the report ‘The State of Ransomware 2020’.
“Nearly 30% of the IT managers surveyed in India were able to recover their data from backups without paying the ransom. Every organization in India that paid the ransom got their data back,” noted the report, and added that on a global level the case was different.
Globally, nearly 5% of the public sector organisations paid the ransom but did not get their data back and worrying, 13% of the public sector organisations surveyed never managed to restore their encrypted data.
However, despite the picture painted by the statistics, the public sector remained the least affected by ransomware globally, with just 45% of the organisations surveyed in this category saying they were hit by a significant attack in the previous year.
“At a global level, media, leisure, and entertainment businesses in the private sector were most affected by ransomware, with 60% of respondents reporting attacks,” added the report.
“Organizations may feel intense pressure to pay the ransom to avoid damaging downtime. On the face of it, paying the ransom appears to be an effective way of getting data restored, but this is illusory,” said Chester Wisniewski, principal research scientist, Sophos.
Wisniewski added that Sophos’ findings suggest that paying ransom makes little difference to the time and resources involved in the recovery of data and explained that the attacker may share one or multiple decryption keys, often making the data-recovery process complex and a time-consuming affair.
“An effective backup system that enables organizations to restore encrypted data without paying the attackers is business critical, but there are other important elements to consider if a company is to be truly resilient to ransomware,” further said Wisniewski.
“Some attackers also attempt to delete or otherwise sabotage backups to make it harder for victims to recover data and increase pressure on them to pay,” said Wisniewski citing the Maze ransomware attack. He suggested to avoid these attack techniques, organisations should keep backups offline, protected by multi-layered security systems.
The survey polled 5,000 IT decision-makers in organizations in 26 countries across six continents, including Europe, the Americas, Asia-Pacific and central Asia, the Middle East, and Africa.