Rate of ransomware attacks has increased in India to 73% from 57%: Sophos

Sophos has released its “State of Ransomware 2023” report, which found that the rate of ransomware attacks in India has increased to 73%.

Manisha Sharma

Sophos has released its annual “State of Ransomware 2023” report, which found that the rate of ransomware attacks has increased in India, with 73% of organizations surveyed reporting they were a victim of ransomware, up from 57% the previous year. In 77% of ransomware attacks against surveyed organizations, adversaries succeeded in encrypting data, with 44% paying the ransom to get their data back, a considerable drop from last year’s rate of 78%. The report showed that Chennai, Bengaluru and Kolkata faced the maximum number of ransomware attacks, followed by Delhi and Mumbai.


Sophos released “The State of Ransomware 2023” report after conducting a survey between January and March, involving 14 countries including India. The team received responses from 3,000 IT or cybersecurity leaders in midsized organisations, including 300 respondents in India. Organizations surveyed had between 100 and 5,000 employees, and revenue ranged from less than $10 million to more than $5 billion.

“Although dipping slightly from the previous year, the rate of encryption remains high at 77 per cent, which is certainly concerning. Ransomware crews have been refining their methodologies of attack and accelerating their attacks to reduce the time for defenders to disrupt their schemes,” said Chester Wisniewski, field CTO, Sophos.

“Incident costs rise significantly when ransoms are paid. Most victims will not be able to recover all their files by simply buying the encryption keys; they must rebuild and recover from backups as well. Paying ransoms not only enriches criminals, but it also slows incident response and adds cost to an already devastatingly expensive situation,” said Wisniewski.


While presenting the survey report on Wednesday, Sunil Sharma, the managing director of sales (India and SAARC) at Sophos, said that according to the findings, 89% of respondents in Chennai said they had been attacked, and that Kolkata, Delhi and Bangalore are also facing the maximum number of ransomware attacks. He further said, “I am not sure about the reason why Chennai, Bengaluru and Kolkata were at the top of the list.”

He also spoke about the root cause of ransomware attacks and said vulnerabilities are a kind of hole in the software. The most important root cause of attack that was found was the exploitation of vulnerabilities. He further said that people don’t want to change their passwords. In a survey that was conducted, people kept the same password that was given to them at the time of registration and deployment. “They didn’t even bother to change that,” he said.

When analyzing the root cause of ransomware attacks, the most common was an exploited vulnerability (involved in 35% of cases), followed by compromised credentials (involved in 33% of cases). This is in line with recent, in-the-field incident response findings from Sophos’ 2023 Active Adversary Report for Business Leaders.


Key findings of the report:

  • In 30% of cases where data was encrypted, 38% data was also stolen
  • The education sector reported the highest level of ransomware attacks, with 79% of higher education organizations surveyed and 80% of lower education organizations surveyed reporting that they were victims of ransomware
  • Overall, 46% of organizations surveyed that had their data encrypted paid the ransom. However, larger organizations were far more likely to pay. In fact, more than half of businesses with revenue of $500 million or more paid the ransom, with the highest rate reported by those with revenue over $5 billion. This could partially be due to the fact that larger companies are more likely to have a standalone cyber insurance policy that covers ransom payments.

“With almost three quarters of Indian organizations reporting that they have been victimized by ransomware criminals, a lot of work needs to be done. The key to lowering this number is to work to aggressively lower both time to detect and time to respond. Human-led threat hunting is very effective at stopping these criminals in their tracks, but alerts must be investigated, and criminals evicted from systems in hours and days, not weeks and months. Experienced analysts can recognize the patterns of an active intrusion in minutes and spring into action. This is likely the difference between the quarter who stay safe and the three quarters who do not. Organizations must be on alert 24x7 to mount an effective defense these days,” said Wisniewski.

Sophos recommends the following best practices to help defend against ransomware and other cyberattacks:

  • Strengthen defensive shields with:
    • Security tools that defend against the most common attack vectors, including endpoint protection with strong anti-exploit capabilities to prevent exploitation of vulnerabilities, and Zero Trust Network Access (ZTNA) to thwart the abuse of compromised credentials
    • Adaptive technologies that respond automatically to attacks, disrupting adversaries and buying defenders time to respond
    • 24/7 threat detection, investigation and response, whether delivered in-house or by a specialist Managed Detection and Response (MDR) provider
  • Optimize attack preparation, including making regular backups, practicing recovering data from backups and maintaining an up-to-date incident response plan
  • Maintain good security hygiene, including timely patching and regularly reviewing security tool configurations.