Sophos recently released its annual international survey and review of real-world ransomware experiences in the State of Ransomware 2022. The report shows that 78% of Indian organizations surveyed were hit with ransomware in 2021, up from 68% in 2020. The average ransom paid by Indian organizations that had data encrypted in their most significant ransomware attack was US$1,198,475, with 10% of victims paying ransoms of US$1M or more. Seventy-eight percent of the organizations that had data encrypted paid the ransom to get their data back, even if they had other means of data recovery, such as backups.
The report summarizes the impact of ransomware on 5,600 mid-sized organizations in 31 countries across Europe, the Americas, Asia-Pacific and Central Asia, the Middle East, and Africa, including 300 in India.
“The ransomware situation in India is worrying. The numbers of victims, ransom payments and the impact of these attacks continued to rise during 2021, at considerable cost,” said Sunil Sharma, managing director, sales, India and SAARC, Sophos. “While the average expense of recovering from an incident declined to US$2.8M from US$3.4M in 2020, it remains a significant number that should be sounding alarm bells among management teams of Indian firms. In 2021, the percentage of victim organisations directly impacted by ransomware increased from 68% to 78%. Ransomware isn’t something that might happen, it is something that will happen if you haven’t taken the precautions necessary.”
The main findings for India in the State of Ransomware 2022 global survey, which covers ransomware incidents experienced during 2021, as well as related cyber insurance issues, include:
· A significant number of victims are paying the ransom – In 2021, 78% of organizations that had data encrypted in a ransomware attack paid the ransom. This is the highest rate of ransom payment reported across all 31 countries surveyed.
· The impact of a ransomware attack can be immense – The average cost to recover from the most recent ransomware attack in 2021 was US$2.81M, down from US$3.4M in 2020. It took on average one month to recover from the damage and disruption. Ninety-seven percent of organizations said the attack had impacted their ability to operate, and 92% of the victims said they had lost business and/or revenue because of the attack.
· Many organizations rely on cyber insurance to help them recover from a ransomware attack – 89% of mid-sized organizations had cyber insurance that covers them in the event of a ransomware attack – and, in 100% of incidents, the insurer paid some or all of the costs incurred.
· Ninety-four percent of those with cyber insurance said that their experience of getting it has changed over the last 12 months, with higher demands for cybersecurity measures, more complex or expensive policies and fewer organizations offering insurance protection.
“With 89% of organisations insured and 100% of them receiving compensation in the wake of an attack, we can expect the trends observed during 2021 in insurance coverage and costs to continue to increase,” said Sunil Sharma. “Policies will require stronger defences at higher costs, with more exceptions. Cybercriminals will continue to see India as a prime target, due in part to the high proportion of victims paying the ransom. The results show that a considerable number of Indian victims are prepared to pay more than US$1M, but even ransom payments of a few thousand dollars are a good return for the crooks.”
Sophos recommends the following best practices to help defend against ransomware and related cyberattacks:
1. Install and maintain high-quality defenses across all points in the organization’s environment. Review security controls regularly and make sure they continue to meet the organization’s needs.
2. Proactively hunt for threats to identify and stop adversaries before they can execute their attack – if the team lacks the time or skills to do this in-house, outsource to a Managed Detection and Response (MDR) specialist.
3. Harden the IT environment by searching for and closing key security gaps: unpatched devices, unprotected machines, open RDP ports, etc. Extended Detection and Response (XDR) solutions are ideal for this purpose.
4. Prepare for the worst. Know what to do if a cyber incident occurs and keep the plan updated.
5. Make backups, and practice restoring from them so that the organization can get back up and running as soon as possible, with minimum disruption.