Significant percentage of Indian companies hit by ransomware attacks in 2023: Sophos

NewsDrum Desk
Updated On
New Update
ransomware attack

Representative image

New Delhi: Nearly 64 per cent of Indian organisations surveyed were hit by ransomware attacks in 2023, a latest report by Sophos said on Tuesday, noting that while the attack rates fell year-on-year, the impact on victims actually intensified.


The average ransom demand was USD 4.8 million, with 62 per cent of demands exceeding USD 1 million.

The median ransom paid was USD 2 million, the report by the global cybersecurity solutions provider said.

Put simply, ransomware refers to malicious software or malware that seizes files on a computer, network share, backups, and server, and encrypts them, following which the attacker exhorts the user to cough up money to unlock the files.


Typically, ransomware attacks come with a timeline, threatening users that if ransomware demands are not fulfilled, the users will lose files.

According to the 'State of Ransomware in India 2024' report by Sophos, there has been a decrease in the rate of ransomware attacks against Indian organisations from the 73 per cent reported in last study (2022) to 64 per cent in 2023.

Notably though, "the impact on victims has intensified, with higher ransom demands and recovery costs compared to the previous year".


The findings are derived from an independent survey of 5,000 IT decision makers across 14 countries, including 500 respondents in India.

Conducted in January and February 2024, respondents were asked to answer based on their experiences in the previous 12 months.

For the first time, Indian organisations were found to be more likely to recover data by paying the ransom (65 per cent) than using backups (52 per cent).


The report revealed that 44 per cent of impacted computers on an average were encrypted in attacks against Indian victims.

"Thirty four per cent of attacks included data theft in addition to encryption, slightly down from 38 per cent the previous year. Excluding ransom payments, the average cost to recover from an attack was USD 1.35 million," Sophos said in a release.

As per the report, 61 per cent of victims were able to recover data within a week, up from 59 per cent in 2022. As many as 96 per cent reported the attack to authorities, with 70 per cent receiving investigation assistance.

"Prevention remains the most cost-effective ransomware strategy," Sunil Sharma, Vice President, Sales, India and SAARC, Sophos said.