64% of Indian Organizations Hit by Ransomware in the last year: Sophos | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Ransomware Attack Rate Drops in India but Impact Increases

Sophos, a global leader of innovative cybersecurity solutions that provide protection against cyberattacks, today released its annual “State of Ransomware in India 2024” report. The findings show a decrease in the rate of ransomware attacks against Indian organizations from the 73% reported in last year’s study to 64% in this year’s. However, the impact on victims has intensified, with higher ransom demands and recovery costs compared to the previous year.

The State of Ransomware in India 2024 report findings are derived from an independent survey of 5,000 IT decision makers across 14 countries, including 500 respondents in India. Conducted in January and February 2024, respondents were asked to answer based on their experiences in the previous 12 months. For the first time, Indian organizations were found to be more likely to recover data by paying the ransom (65%) than using backups (52%). The average ransom demand was $4.8 million, with 62% of demands exceeding $1 million. The median ransom paid was $2 million.

Key findings from the India report include:

  • 44% of impacted computers on average were encrypted in attacks against Indian victims
  • 34% of attacks included data theft in addition to encryption, slightly down from 38% the previous year
  • Excluding ransom payments, the average cost to recover from an attack was $1.35 million
  • 61% of victims were able to recover data within a week, up from 59% in 2022
  • 96% reported the attack to authorities, with 70% receiving investigation assistance


“Prevention remains the most cost-effective ransomware strategy. Having solid defense-in-depth cybersecurity with anti-ransomware capabilities, ensuring in-depth defense protection with 24/7 monitoring is critical. At the same time, it is equally important to develop response capabilities, and comprehensive backup and recovery measures,” said Sunil Sharma, Vice President, Sales, India and SAARC, Sophos. “Continually reviewing security posture and incident response plans will also greatly improve an organization’s resilience against these relentless attacks.”

Additional key global findings from the report include:

  • Less than one quarter (24%) of those that pay the ransom hand over the amount originally requested, and 44% of respondents reported paying less than the original demand
  • The average ransom payment came in at 94% of the initial ransom demand
  • In more than four-fifths (82%) of cases funding for the ransom came from multiple sources. Overall, 40% of total ransom funding came from the organizations themselves and 23% from insurance providers
  • 94% of organizations hit by ransomware in the past year said that the cybercriminals attempted to compromise their backups during the attack, rising to 99% in both state and local government. In 57% of instances, backup compromise attempts were successful
  • In 32% of incidents where data was encrypted, data was also stolen – a slight lift from last year’s 30% – increasing attackers’ ability to extort money from their victims

John Shier, field CTO, Sophos, said, “We must not let the slight dip in attack rates give us a sense of complacency. Ransomware attacks are still the most dominant threat today and are fueling the cybercrime economy. Without ransomware we would not see the same variety and volume of precursor threats and services that feed into these attacks. The skyrocketing costs of ransomware attacks belie the fact that this is an equal opportunity crime. The ransomware landscape offers something for every cybercriminal, regardless of skill. While some groups are focused on multi-million-dollar ransoms, there are others that settle for lower sums by making it up in volume.”

Sophos recommends the following best practices to help organizations defend against ransomware and other cyberattacks:

  • Understand your risk profile, with tools such as Sophos Managed Risk which can assess an organization’s external attack surface, prioritize the riskiest exposures and provide tailored remediation guidance
  • Implement endpoint protection that is designed to stop a range of evergreen and constantly changing ransomware techniques, such as Sophos Intercept X
  • Bolster your defenses with round-the-clock threat detection, investigation and response, either through an in-house team or with the support of a Managed Detection and Response (MDR) provider
  • Build and maintain an incident response plan, as well as making regular back-ups and practicing recovering data from backups

Read the State of Ransomware 2024 report for global findings and data by sector.



Learn More About

Recent LockBit attacks taking advantage of the new ScreenConnect vulnerabilities

Lessons from the recent LockBit takedown

The rise of remote encryption among ransomware groups

Different ransomware threat actors, their TTPs and Sophos’ latest ransomware research in the Ransomware Threat Intelligence Center

How defenders can combat attackers in a fast-moving threat landscape in the 2023 Active Adversary Report for Security Practitioners

Dwindling dwell times and changing attacker behavior and techniques in the Active Adversary Report for Tech Leaders 2023

Changing attacker behaviors, techniques and tactics in the 2023 Active Adversary Report for Business Leaders, based on an analysis of more than 150 Sophos incident response cases

Sophos X-Ops and its groundbreaking threat research by subscribing to the Sophos X-Ops blogs


About Sophos

Sophos is a global leader and innovator of advanced security solutions that defeat cyberattacks, including Managed Detection and Response (MDR) and incident response services and a broad portfolio of endpoint, network, email, and cloud security technologies. As one of the largest pure-play cybersecurity providers, Sophos defends more than 600,000 organizations and more than 100 million users worldwide from active adversaries, ransomware, phishing, malware, and more. Sophos’ services and products connect through the Sophos Central management console and are powered by Sophos X-Ops, the company’s cross-domain threat intelligence unit. Sophos X-Ops intelligence optimizes the entire Sophos Adaptive Cybersecurity Ecosystem, which includes a centralized data lake that leverages a rich set of open APIs available to customers, partners, developers, and other cybersecurity and information technology vendors. Sophos provides cybersecurity-as-a-service to organizations needing fully managed security solutions. Customers can also manage their cybersecurity directly with Sophos’ security operations platform or use a hybrid approach by supplementing their in-house teams with Sophos’ services, including threat hunting and remediation. Sophos sells through reseller partners and managed service providers (MSPs) worldwide. Sophos is headquartered in Oxford, U.K. More information is available at


Click Here For The Original Source.


National Cyber Security